From 6cdcde06b4449ab3df30297dedf9ac277ce07817 Mon Sep 17 00:00:00 2001
From: Eva
Date: Fri, 13 Oct 2023 11:46:22 -0400
Subject: [PATCH] merge with main
---
.../cli/parsed_mappings/cve/parsed_cve_mappings.json | 2 +-
.../nist/10.1/r4/parsed_nist800-53-r4-10_1mappings.json | 2 +-
.../nist/10.1/r5/parsed_nist800-53-r5-10_1mappings.json | 2 +-
.../nist/12.1/r4/parsed_nist800-53-r4-12_1mappings.json | 2 +-
.../nist/12.1/r5/parsed_nist800-53-r5-12_1mappings.json | 2 +-
.../nist/8.2/r4/parsed_nist800-53-r4-8_2mappings.json | 2 +-
.../nist/8.2/r5/parsed_nist800-53-r5-8_2mappings.json | 2 +-
.../nist/9.0/r4/parsed_nist800-53-r4-9_0mappings.json | 2 +-
.../nist/9.0/r5/parsed_nist800-53-r5-9_0mappings.json | 2 +-
.../cli/parsed_mappings/security_stack/AWS/parsed_AWS.json | 2 +-
.../cli/parsed_mappings/security_stack/Azure/parsed_Azure.json | 2 +-
.../cli/parsed_mappings/security_stack/GCP/parsed_GCP.json | 2 +-
.../cli/parsed_mappings/veris/1.3.5/parsed_veris-mappings.json | 2 +-
.../veris/1.3.7/parsed_veris-1_3_7-mappings-enterprise.json | 2 +-
.../veris/1.3.7/parsed_veris-1_3_7-mappings-ics.json | 2 +-
.../veris/1.3.7/parsed_veris-1_3_7-mappings-mobile.json | 2 +-
16 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/src/mappings_explorer/cli/parsed_mappings/cve/parsed_cve_mappings.json b/src/mappings_explorer/cli/parsed_mappings/cve/parsed_cve_mappings.json
index 0d413711..1f534e21 100644
--- a/src/mappings_explorer/cli/parsed_mappings/cve/parsed_cve_mappings.json
+++ b/src/mappings_explorer/cli/parsed_mappings/cve/parsed_cve_mappings.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": "", "attack-version": "9.0", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "CVE Vulnerability List", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15243", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15243", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15243", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15976", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15976", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15976", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15956", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", 
"attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15956", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15956", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15956", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15958", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15958", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12660", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12660", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12660", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1753", "mapping-type": "Primary Impact"}, 
{"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1753", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1753", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1753", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1860", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1860", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1831", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1831", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Secondary Impact"}, 
{"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16009", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16009", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1879", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1879", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1879", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1863", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1863", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1863", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1863", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-3403", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3403", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3403", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1941", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1941", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1941", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3292", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3292", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3292", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3292", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15397", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15397", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3253", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3253", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1838", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1838", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1838", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3233", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3233", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3233", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15401", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15401", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15249", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15249", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15249", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15280", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15280", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15280", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15288", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15288", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15288", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1781", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1781", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1781", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3460", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3460", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3137", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3137", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3137", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3312", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3312", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1768", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1768", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1768", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3379", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3379", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1724", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1817", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1817", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3477", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3477", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1794", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1794", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1620", "mapping-type": 
"Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1620", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3216", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3216", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3306", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3306", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1886", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1711", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3375", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-3375", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1857", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1857", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1703", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15963", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15963", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1689", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1689", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1689", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-3476", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3476", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15466", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15466", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15287", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15287", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15998", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15998", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1889", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2019-1889", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3134", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1736", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3120", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1764", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1764", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1943", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1943", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1943", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1665", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1665", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1665", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15994", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15994", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15994", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1477", "attack-object-name": "Exploit via Radio Interfaces", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1747", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1747", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15959", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15959", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15974", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15974", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1772", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1772", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1772", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3133", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3133", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12696", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", 
"attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12696", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3387", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3387", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3387", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15393", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15393", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15393", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1594", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1594", "mapping-type": "Exploitation 
Technique"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3440", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3440", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3440", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1876", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1876", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3121", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3121", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3121", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1612", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1612", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1612", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1612", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1715", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1715", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1715", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1715", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1609", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2019-1609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1609", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1836", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1836", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15289", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15289", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15444", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15444", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15444", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1611", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1611", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1611", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3407", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3407", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3237", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3237", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15276", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15276", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15276", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15276", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3416", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3416", "mapping-type": 
"Exploitation Technique"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3126", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3126", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3126", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3356", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3356", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3356", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", 
"mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1746", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1746", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3397", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3397", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1812", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control 
Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1812", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1812", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3322", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3322", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3322", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3309", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3309", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3309", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3309", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3177", "mapping-type": "Primary Impact"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3177", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3510", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3510", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3513", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3513", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3409", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3409", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3349", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2020-3349", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3349", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15392", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15392", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15462", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15462", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1704", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1704", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3244", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit 
Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3244", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1790", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1790", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1790", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5364", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5364", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3707", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3735", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3735", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11048", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11048", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11048", 
"mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11048", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3754", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3754", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3754", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5374", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15771", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15771", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15782", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15782", 
"mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15782", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3723", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3723", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3723", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3723", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11045", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11045", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5345", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-5345", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5336", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5336", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5336", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15795", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15795", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5365", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5365", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3717", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2019-3717", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3732", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3732", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3731", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3731", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5326", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5326", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15776", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15776", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18573", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3727", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3727", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3728", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3790", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3790", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3719", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3719", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15764", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15764", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11084", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5339", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5339", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5339", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15784", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5386", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3704", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3704", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3704", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3799", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3799", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18578", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18578", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18578", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5340", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5340", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5340", "mapping-type": "Exploitation Technique"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5358", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5371", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5371", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3758", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3758", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11051", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11051", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5378", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3767", "mapping-type": 
"Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15800", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15800", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11059", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11059", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11059", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3775", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11075", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11075", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11075", "mapping-type": "Exploitation Technique"}, {"comments": "", 
"attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5376", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15761", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15761", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3787", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3787", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3787", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15797", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15797", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15772", "mapping-type": "Primary Impact"}, 
{"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5331", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5362", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5362", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18571", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18571", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18571", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3782", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3782", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5379", "mapping-type": "Primary Impact"}, 
{"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11088", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11088", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11062", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15758", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15758", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3780", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3780", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5369", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-5366", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5366", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3798", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3798", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5373", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5373", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3788", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3788", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11060", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2018-11067", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11067", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5328", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3784", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3762", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3762", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18582", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11049", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5350", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", 
"attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5350", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15801", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18581", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18581", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5332", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3778", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3778", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15774", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15780", "mapping-type": "Primary Impact"}, 
{"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15780", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3786", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3786", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3706", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11072", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11073", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11073", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11073", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11087", "mapping-type": 
"Primary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3708", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3708", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3708", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15767", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11069", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11069", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3763", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078 ", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3763", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3750", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15105", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078 ", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15105", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15188", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15188", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5250", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5250", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16768", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15147", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15147", "mapping-type": 
"Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15118", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5210", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5210", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11055", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11055", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5283", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5283", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2020-15211", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15211", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5220", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5220", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11021", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11021", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5269", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5269", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5269", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-11030", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11030", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11030", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11036", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11036", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11036", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15100", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15100", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15100", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-15094", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15094", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15140", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15140", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11087", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11087", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11023", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11023", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11023", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5290", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5290", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11090", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5254", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit 
Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5254", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15096", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15096", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11013", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1552 ", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15095", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036 ", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15233", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15233", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5252", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11019", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11019", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11019", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068 ", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15182", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15182", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5264", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5264", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5264", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11078", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11050", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15170", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1478 ", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15170", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005 ", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5295", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5295", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15189", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15189", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133 ", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15189", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15137", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-15137", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190 ", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15137", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11035", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5217", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5217", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190 ", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5261", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-5261", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11054", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11054", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": 
"Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15109", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15109", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11082", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11082", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11082", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15093", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", 
"attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15093", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15093", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15093", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5225", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5225", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5225", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5266", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5266", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5266", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", 
"attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15208", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15208", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059 ", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Exploitation Technique"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16784", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16784", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16784", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15143", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15143", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11039", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11039", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11039", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2020-15199", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15199", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16760", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16760", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15179", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15179", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5271", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5271", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5271", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-5231", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5231", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5279", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11059", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15183", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15183", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11044", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5284", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15162", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15162", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11073", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11073", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5267", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5267", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5297", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5297", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", 
"attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5241", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5241", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5253", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5253", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5253", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15132", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16782", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16782", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11045", "mapping-type": "Primary 
Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11083", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5281", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0814", "attack-object-name": "Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6986", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6986", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17934", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17934", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17934", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17934", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12029", "mapping-type": 
"Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12029", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12029", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7520", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7499", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7499", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6522", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6522", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10980", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CVE-2019-10980", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1477", "attack-object-name": "Exploit via Radio Interfaces", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7526", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5445", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2018-5454", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14819", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6960", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12014", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13511", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13511", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12038", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12038", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6563", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6563", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6563", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19007", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19007", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18990", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14781", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14781", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10633", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10610", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": 
"Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10610", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10610", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10610", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14809", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14809", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14809", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14809", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0855", 
"attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0836", "attack-object-name": "Modify Parameter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0833", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13555", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0826", 
"attack-object-name": "Loss of Availability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13555", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12008", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0859", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12008", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0842", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12008", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10990", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1066", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10990", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8852", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10971", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10590", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10590", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16200", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0826", "attack-object-name": "Loss of Availability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16200", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10636", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10636", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10636", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19010", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19010", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7500", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6964", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-6964", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6964", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6993", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6993", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14510", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14510", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14510", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14508", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14508", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14508", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7494", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7494", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-7004", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5451", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10603", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10603", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17889", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13522", "mapping-type": "Primary 
Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13522", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12024", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0875", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17924", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0803", "attack-object-name": "Block Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17924", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0804", "attack-object-name": "Block Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17924", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17924", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12000", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12000", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17910", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10589", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8835", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8835", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17908", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17908", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17900", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078 ", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17900", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16211", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16211", 
"mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10620", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native Code", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17911", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6549", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078 ", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6549", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17892", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native Code", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14802", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18987", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18987", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18987", 
"mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16198", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18263", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10602", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native Code", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10987", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native Code", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13541", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0884", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0884", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1025", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0911", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0911", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0911", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0911", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2018-8355", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1087", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-0671", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1270", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1270", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1270", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-0898", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0898", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CVE-2019-1118", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1086", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0576", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0576", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0576", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1347", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1163", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1425", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1425", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0758", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0758", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1141", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1141", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious 
Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1021", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious 
File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1423", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1423", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1013", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1013", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1013", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data 
Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1190", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data 
Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1402", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0955", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0981", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0981", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0981", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8160", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8160", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8160", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1106", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1106", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1106", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1106", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1035", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1035", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8431", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8431", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8489", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0926", "mapping-type": "Primary 
Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0926", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0926", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0926", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1052", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1052", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1052", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1052", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1471", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CVE-2020-0636", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1812", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1812", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11652", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11652", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-16651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-16651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0984", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0984", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0984", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9670", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9670", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1036.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15869", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15869", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6808", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11749", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11749", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6685", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CVE-2016-0099", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3336", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6820", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6820", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9978", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9978", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2945", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2945", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4114", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2014-4114", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4114", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1458", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1458", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3888", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3888", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13538", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13538", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6475", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CVE-2015-6475", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8835", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8467", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12659", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1027", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1215", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1214", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0859", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-9862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-9488", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8599", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5463", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11776", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-1274", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0263", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5195", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2015-7910", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2387", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2360", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0016", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4113", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1807", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0322", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0181", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2884", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2743", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1612", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": " T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-13289", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-13289", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", 
"mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1149", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0707", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0707", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0707", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2019-5786", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5786", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0213", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0213", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2215", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploit OS Vulnerability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2215", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0808", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0808", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-7533", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-7533", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8649", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8649", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12652", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12652", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5954", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5954", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-4996", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-4996", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-15211", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-15211", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1592", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1592", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11368", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11368", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5645", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5645", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078.003.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3172", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0629", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0629", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3298", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3298", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-6922", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-6922", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1769", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1769", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-7456", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-7456", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12464", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12464", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15393", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15393", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9804", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-9804", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11957", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-19735", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-1956", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-12520", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11219", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11219", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18872", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9819", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T11190", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7912", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7912", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7935", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7935", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-9938", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-9938", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6367", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6367", "mapping-type": "Uncategorized"}, {"comments": 
"", "attack-object-id": "T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6367", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2772", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2772", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-5958", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-5958", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5180", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5180", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5180", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11510", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7506", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552.004.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7506", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1134.001.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1701", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1701", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-6129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-6129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-6129", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-4051", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-4051", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3056", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": " T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6418", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6418", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5902", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5902", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-7286", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-7286", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18935", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18935", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-17026", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-17026", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13720", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13720", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11886", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11886", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-9206", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-9206", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8174", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8174", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8120", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2018-8120", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0798", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0798", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-4656", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-4656", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-1409", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-1409", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2590", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2590", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2015-2425", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2425", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-2817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-2817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0307", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0307", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5211", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2013-5211", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2471", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2471", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1493", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1493", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0625", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0625", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0422", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0422", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2011-3402", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3402", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1423", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1423", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1165", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1165", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1807", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2009-1807", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1151", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1151", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11901", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11901", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11901", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2016-7256", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7256", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1134.001.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7256", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3714", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3714", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3714", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0071", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0071", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0071", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2014-4123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0266", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0266", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0266", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1885", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1885", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1885", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2009-3459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13125", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13125", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13125", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13125", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7187", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7187", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2014-7187", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7187", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3544", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3544", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3544", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0034", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0034", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0034", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7756", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2015-7756", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7756", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2426", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2426", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2426", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0802", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2424", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-2539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0022", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1518.001", "attack-object-name": "Security Software Discovery", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0022", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6703", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16759", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15107", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1132", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10973", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0880", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8611", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7602", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7600", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-2893", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-2628", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-1000861", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0101", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-9841", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8291", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-3881", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2017-3066", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11774", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0199", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0005", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9192", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-4902", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0072", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-8551", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6287", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing 
Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6120", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-5279", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1809", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0050", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-7372", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-7102", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5057", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1289", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0641", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0632", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0631", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-2520", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1723", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1557", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0874", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-2900", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-0096", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2010-3916", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3653", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-2265", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1308", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5910", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5910", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6974", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6974", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-6974", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11738", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11738", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9380", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9380", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10189", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10189", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2729", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2729", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2725", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2725", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10611", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10611", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-18362", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-18362", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5062", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5062", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6480", 
"mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6480", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6293", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6293", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6498", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6498", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6498", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0295", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0295", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2016-9684", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9684", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7186", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7186", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6277", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6277", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6271", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6271", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1795", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2012-1795", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-1331", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-1331", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0640", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2013-0640", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0640", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-12637", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-12637", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1904", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1904", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-13126", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13126", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-10271", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-10271", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6909", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6909", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6278", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6278", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-5326", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-5326", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3041", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3041", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11897", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11897", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11897", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11896", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11896", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11896", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7496", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7496", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-1001000", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-1001000", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-8540", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-8540", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0604", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0604", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2018-19207", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19207", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-3413", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-3413", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1675", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1675", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-4862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-4862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-2894", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": 
"T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-2894", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-4106", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-4106", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15961", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15961", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15961", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-8562", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", 
"attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-8562", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-8562", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-8562", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3900", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3900", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3765", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3765", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7235", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7235", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3015", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3015", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3015", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1761", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1761", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190. 
T1005", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-4335", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-4335", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-4335", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9019", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9019", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3893", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3893", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3893", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9818", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1631", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1350", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0938", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9791", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1579", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11932", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0903", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0803", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2018-8833", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8589", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7513", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20838", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18956", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10376", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-5613", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-2404", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-12824", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for 
Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9299", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-2208", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-3864", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7169", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-5334", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0593", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3897", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3163", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-2311", "mapping-type": "Uncategorized"}, {"comments": 
"", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1856", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3192", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-2005", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-4398", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2568", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2152", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1297", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0842", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2010-0480", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1800", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1671", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0824", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-2992", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-5638", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-5638", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1494", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1494", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation 
for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1494", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1494", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10257", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10257", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-15919", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-15919", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0222", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0222", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0149", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0149", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9079", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9079", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7189", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7189", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3393", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3393", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-5123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-5123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2502", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2502", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2419", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2419", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6332", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6332", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1815", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1815", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2465", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2465", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2423", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2423", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3213", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3213", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3971", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3971", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1136", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1136", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1776", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1776", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1776", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3918", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3918", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3918", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-2883", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-2883", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0601", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0601", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10149", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10149", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20062", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20062", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6366", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2016-6366", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3396", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3396", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3396", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20250", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20250", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8464", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8464", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11882", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11882", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11826", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11826", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0261", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0261", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6585", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6585", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1642", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1642", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for 
Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0096", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0096", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7247", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7247", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6352", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6352", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1331", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1331", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1424", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": 
"Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1424", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0840", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0840", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-4324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-4324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0556", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0556", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.001.", 
"attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7925", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7925", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7925", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": " T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7925", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13541", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13541", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13527", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13527", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8570", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": 
"Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8570", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0262", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0262", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7193", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7193", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2509", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2509", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0810", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0810", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", 
"attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3644", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3644", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3915", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3915", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3333", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3333", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0028", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0028", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0927", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0927", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1206", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8543", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0176", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2729", "mapping-type": "Uncategorized"}, {"comments": 
"", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-4250", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14323", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14323", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14323", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", 
"mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8414", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8414", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8414", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8468", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-6112", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7755", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2018-0560", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0560", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8337", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "TT1565", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8337", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8337", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20753", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-13379", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6415", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploit OS Vulnerability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-7287", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploit OS Vulnerability", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2015-1805", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1805", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1409", "attack-object-name": "Access Stored Application Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-12817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1456", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-4655", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1461", "attack-object-name": "Lockscreen Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0493", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1533", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0493", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1477", "attack-object-name": "Exploit via Radio Interfaces", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3568", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11707", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14934", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-2055", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-16115", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8648", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14059", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12888", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12655", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11884", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11668", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16302", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11869", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-21091", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15454", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14679", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-9142", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2017-10910", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-10810", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-1752", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12653", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12653", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11608", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11608", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12769", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-4854", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": 
"Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4148", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4148", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4148", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4148", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3088", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3088", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5576", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5576", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1518", "attack-object-name": "Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3351", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal 
Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5300", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5300", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5054", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5054", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-7246", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-7246", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14486", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14486", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5065", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5065", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-0655", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-0655", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-5290", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-5290", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2020-4408", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13922", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7259", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7259", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14487", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14487", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14487", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T880", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14487", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4077", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4077", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1553.002", "attack-object-name": "Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4077", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0622", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7931", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-3566", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-16179", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-16179", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12258", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.003", 
"attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10299", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1020", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1020", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8759", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8759", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11847", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11847", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3906", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3906", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6467", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6467", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6340", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6340", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4100", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0688", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0688", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.001", 
"attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10657", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0238", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11049", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1854", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0797", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8453", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8440", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19320", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7255", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0728", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0167", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0165", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6175", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2546", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4076", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-6282", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3660", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-2319", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage 
Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-1249", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0232", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-3431", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3338", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3338", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T812", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14847", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14847", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18665", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18667", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18667", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17877", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17877", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19831", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19831", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19831", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19830", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19830", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19830", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", 
"attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19833", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19833", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T855", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13533", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T842", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13533", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T873", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10980", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10980", "mapping-type": "Uncategorized"}]} \ No newline at end of file +{"metadata": {"mapping-version": "", "attack-version": "9.0", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "CVE Vulnerability List", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15243", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15243", "mapping-type": "Exploitation 
Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15243", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15976", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15976", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15976", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15956", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15956", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15956", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15956", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2019-15958", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15958", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12660", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12660", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12660", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1753", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1753", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1753", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1753", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1860", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1860", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1831", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1831", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1942", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and 
Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15972", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16009", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16009", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1879", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1879", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1879", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1863", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1863", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1863", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1863", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3403", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3403", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3403", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1941", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1941", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1941", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3292", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3292", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3292", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3292", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15397", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15397", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-3253", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3253", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1838", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1838", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1838", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3233", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3233", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3233", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15401", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2018-15401", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15249", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15249", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15249", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15280", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15280", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15280", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15288", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15288", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2019-15288", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1781", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1781", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1781", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3460", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3460", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3137", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3137", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3137", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-3312", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3312", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1768", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1768", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1768", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3379", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3379", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1724", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1817", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1817", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3477", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3477", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1794", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1794", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1620", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1620", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3216", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3216", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": 
"T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3306", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3306", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1886", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1711", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3375", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3375", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1857", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1857", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1703", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15963", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15963", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1689", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1689", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1689", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3476", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3476", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15466", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15466", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15287", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15287", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15998", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15998", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1889", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1889", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3134", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1736", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3120", "mapping-type": "Primary Impact"}, 
{"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1764", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1764", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1943", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1943", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1943", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1665", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1665", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1665", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15994", "mapping-type": "Primary Impact"}, 
{"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15994", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15994", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1477", "attack-object-name": "Exploit via Radio Interfaces", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1747", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1747", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15959", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15959", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15974", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15974", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2019-1772", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1772", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1772", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3133", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3133", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12696", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12696", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3387", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3387", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-3387", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15393", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15393", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15393", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1594", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1594", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3440", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3440", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3440", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit 
Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1876", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1876", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3121", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3121", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3121", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1612", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1612", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1612", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1612", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": 
"T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1715", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1715", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1715", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1715", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1609", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1609", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1836", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1836", "mapping-type": "Exploitation Technique"}, {"comments": "", 
"attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15289", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15289", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15444", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15444", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15444", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1611", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1611", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1611", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CVE-2020-3407", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3407", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3237", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3237", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15376", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or 
System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15276", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15276", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15276", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15276", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3416", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3416", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3126", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3126", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3126", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", 
"attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3356", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3356", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3356", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1915", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": 
"T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1746", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1746", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3397", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3397", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1812", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1812", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1812", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3322", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2020-3322", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3322", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-3198", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3309", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3309", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3309", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3309", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3177", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3177", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3510", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3510", "mapping-type": "Exploitation Technique"}, {"comments": "", 
"attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3513", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3513", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3409", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3409", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3349", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3349", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3349", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15392", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15392", "mapping-type": 
"Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15462", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15462", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1704", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1704", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3244", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3244", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-3240", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1790", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1790", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1790", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5364", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5364", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit 
Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3707", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3735", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3735", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11048", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11048", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11048", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11048", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3754", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3754", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": 
"T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3754", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5374", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15771", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15771", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15782", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15782", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15782", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3723", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3723", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3723", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3723", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11045", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11045", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5345", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5345", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5336", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5336", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5336", "mapping-type": "Exploitation Technique"}, 
{"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15795", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15795", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5365", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5365", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3717", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3717", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3732", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3732", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3731", "mapping-type": "Primary Impact"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3731", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5326", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5326", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15776", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15776", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18573", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3727", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3727", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2019-3728", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3790", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3790", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3719", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3719", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15764", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15764", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11084", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5339", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5339", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5339", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15784", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5386", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3704", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3704", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3704", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3799", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3799", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", 
"attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18578", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18578", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18578", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5340", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5340", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5340", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5358", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5371", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5371", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": 
"T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3758", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3758", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11051", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11051", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5378", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3767", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15800", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15800", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11059", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", 
"attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11059", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11059", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3775", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11075", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11075", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11075", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5376", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15761", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15761", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552", 
"attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3787", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3787", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3787", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15797", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15797", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15772", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5331", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5362", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5362", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18571", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18571", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18571", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3782", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3782", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5379", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11088", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11088", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11062", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15758", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15758", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3780", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3780", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5369", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5366", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5366", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3798", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2019-3798", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5373", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5373", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3788", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3788", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11060", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11067", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11067", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5328", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3784", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3762", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3762", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18582", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11049", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5350", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5350", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15801", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18581", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command 
and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18581", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5332", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3778", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3778", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15774", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15780", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15780", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3786", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3786", "mapping-type": "Exploitation Technique"}, {"comments": "", 
"attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3706", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11072", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11073", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11073", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11073", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11087", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3708", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3708", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3708", "mapping-type": "Exploitation Technique"}, {"comments": "", 
"attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15767", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11069", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11069", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3763", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078 ", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3763", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3750", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15105", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078 ", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15105", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15188", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": 
"T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15188", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5250", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5250", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16768", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15147", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15147", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15118", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5210", "mapping-type": "Primary 
Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5210", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11055", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11055", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5283", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5283", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15211", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15211", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5220", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-5220", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11021", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11021", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5269", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5269", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5269", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11030", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11030", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11030", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-11036", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11036", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11036", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15100", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15100", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15100", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15094", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15094", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15140", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-15140", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11087", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11087", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11023", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11023", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11023", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5290", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5290", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11090", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": 
"Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5270", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5254", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5254", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15096", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15096", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": 
"T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11013", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1552 ", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15095", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036 ", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15233", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15233", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5252", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11019", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11019", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11019", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068 ", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15182", "mapping-type": 
"Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15182", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5264", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5264", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5264", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11078", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11050", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15170", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1478 ", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15170", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005 ", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-5295", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5295", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15189", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15189", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133 ", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15189", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15137", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15137", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190 ", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15137", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-11035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11035", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5217", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5217", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190 ", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5261", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5261", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11054", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11054", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4068", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15109", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15109", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11082", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11082", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11082", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15093", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15093", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15093", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15093", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5225", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5225", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5225", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5266", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5266", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5266", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15208", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15208", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059 ", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11010", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16784", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16784", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16784", "mapping-type": "Secondary 
Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15143", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15143", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11039", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11039", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11039", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15199", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15199", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16760", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2019-16760", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15179", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15179", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5271", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5271", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5271", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5231", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5231", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5279", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-11059", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15183", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15183", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11044", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5284", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15162", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15162", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11073", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11073", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and 
Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5267", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5267", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5297", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5297", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5241", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5241", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5253", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", 
"attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5253", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5253", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15132", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16782", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16782", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11045", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11083", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5281", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0814", "attack-object-name": "Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6986", "mapping-type": "Primary 
Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6986", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17934", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17934", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17934", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17934", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12029", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12029", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12029", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2018-7520", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7499", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7499", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6522", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6522", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10980", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10980", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1477", "attack-object-name": "Exploit via Radio Interfaces", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6538", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7526", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5445", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5454", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14819", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6960", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12014", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13511", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13511", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12038", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12038", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6563", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6563", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6563", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19007", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External 
Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19007", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18990", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14781", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14781", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10633", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10610", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10610", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10610", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10610", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", 
"attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14809", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14809", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14809", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14809", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0836", "attack-object-name": "Modify Parameter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18995", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0833", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5459", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13555", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0826", "attack-object-name": "Loss of Availability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13555", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12008", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0859", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12008", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": 
"T0842", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12008", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10990", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1066", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10990", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8852", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10971", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10590", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10590", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16200", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0826", "attack-object-name": "Loss of Availability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16200", "mapping-type": "Secondary Impact"}, {"comments": "", 
"attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10636", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10636", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10636", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19010", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19010", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7500", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18234", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6964", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6964", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6964", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6993", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6993", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14510", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14510", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14510", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14508", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14508", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14508", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7494", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7494", "mapping-type": "Primary Impact"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-7004", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5451", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10603", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10603", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17889", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13522", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13522", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12024", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T0875", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17924", "mapping-type": "Primary 
Impact"}, {"comments": "", "attack-object-id": "T0803", "attack-object-name": "Block Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17924", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0804", "attack-object-name": "Block Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17924", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17924", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12000", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12000", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17910", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10589", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8835", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8835", 
"mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17908", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17908", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17900", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078 ", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17900", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16211", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16211", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10620", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native Code", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17911", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6549", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1078 ", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6549", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17892", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native Code", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14802", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18987", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18987", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18987", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16198", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18263", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10602", 
"mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native Code", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10987", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native Code", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13541", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0884", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0884", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1025", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0911", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0911", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0911", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0911", 
"mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2018-8355", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8355", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1087", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-0671", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0671", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1270", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1270", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1270", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0898", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0898", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CVE-2019-1118", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1118", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1456", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1086", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1109", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0576", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0576", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0576", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1347", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1163", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1068", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1495", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1425", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1425", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8248", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0758", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2020-0758", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1141", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1141", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8111", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8607", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1021", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1569", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1423", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1423", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-16874", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1013", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1013", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1013", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2019-0609", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1190", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2018-8353", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8110", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8575", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1478", "attack-object-name": "Install Insecure or Malicious Configuration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1031", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1402", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0955", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0981", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0981", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0981", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data 
from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8160", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8160", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8160", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1106", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1106", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1106", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1106", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1035", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1204.002", 
"attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1035", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1035", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8431", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8431", "mapping-type": "Secondary Impact"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8489", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0926", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0926", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0926", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0926", "mapping-type": "Exploitation 
Technique"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1052", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1052", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1052", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1052", "mapping-type": "Exploitation Technique"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1471", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0636", "mapping-type": "Primary Impact"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1812", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1812", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-11652", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11652", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-16651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-16651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0984", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0984", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0984", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9670", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9670", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1036.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2018-15869", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15869", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6808", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11749", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11749", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6685", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0099", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3336", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6820", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2020-6820", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9978", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9978", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2945", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2945", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4114", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4114", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4114", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1458", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CVE-2019-1458", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3888", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3888", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13538", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13538", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6475", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6475", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8835", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8467", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12659", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1027", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1215", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1214", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0859", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-9862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-9488", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8599", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-5463", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11776", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-1274", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0263", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5195", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7910", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2387", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2360", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2015-0016", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4113", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1807", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0322", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0181", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2884", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2743", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1612", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5539", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": " T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-13289", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-13289", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1149", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-15821", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": 
"T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0707", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0707", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0707", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5786", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5786", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0213", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0213", 
"mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2215", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploit OS Vulnerability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2215", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0808", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0808", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-7533", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-7533", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8649", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8649", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12652", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12652", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5954", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5954", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-4996", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-4996", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-15211", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", 
"attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-15211", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1592", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1592", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11368", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11368", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5645", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5645", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078.003.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3172", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0629", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0629", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3298", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3298", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-6922", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-6922", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1769", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1769", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-7456", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-7456", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", 
"attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12464", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12464", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15393", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-15393", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9804", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9804", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11957", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-19735", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-1956", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-12520", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11219", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11219", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18872", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T11190", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7912", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7912", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7935", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7935", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-9938", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-9938", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6367", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6367", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6367", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2772", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2772", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-5958", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-5958", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5180", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5180", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5180", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7506", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1552.004.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7506", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1134.001.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1701", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1701", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-6129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-6129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-6129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-4051", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-4051", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3056", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": " T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-4681", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": 
"T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0158", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6418", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6418", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5902", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5902", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-7286", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-7286", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18935", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-18935", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-17026", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-17026", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13720", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13720", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11886", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11886", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-9206", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-9206", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8174", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8174", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8120", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8120", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0798", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0798", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-4656", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-4656", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-1409", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-1409", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2590", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2590", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2425", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2425", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-2817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-2817", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0307", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0307", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5211", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5211", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2471", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2471", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1493", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1493", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0625", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0625", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0422", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0422", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3402", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3402", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1423", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1423", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1165", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1165", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1807", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1807", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1151", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1151", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1641", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11901", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11901", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11901", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7256", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7256", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1134.001.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7256", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3714", "mapping-type": "Uncategorized"}, {"comments": 
"", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3714", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3714", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0071", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0071", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0071", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0266", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0266", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0266", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1885", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1885", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1885", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13125", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13125", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13125", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13125", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7187", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7187", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7187", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7187", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3544", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3544", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3544", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0034", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0034", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0034", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7756", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7756", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7756", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2426", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2015-2426", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2426", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0802", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2424", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-2539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0022", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1518.001", "attack-object-name": "Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0022", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6703", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16759", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2019-15107", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1132", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10973", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0880", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8611", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7602", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7600", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-2893", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-2628", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-1000861", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0101", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-9841", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8291", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-3881", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-3066", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11774", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0199", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0005", 
"mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9192", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-4902", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0072", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-8551", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6287", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6120", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-5279", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1809", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2014-0050", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-7372", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-7102", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5057", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1289", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0632", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0631", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-2520", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1723", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1557", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-0874", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-2900", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-0096", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3916", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3653", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-2265", 
"mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1308", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5910", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-5910", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6974", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6974", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6974", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11738", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11738", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2020-9380", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9380", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10189", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10189", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2729", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2729", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2725", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-2725", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10611", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and 
Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10611", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-18362", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-18362", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5062", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-5062", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6480", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6480", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6293", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6293", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6498", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6498", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6498", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0295", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0295", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9684", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9684", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7186", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7186", "mapping-type": "Uncategorized"}, {"comments": 
"", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6277", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6277", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6271", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6271", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1795", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1795", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9459", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-1331", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-1331", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0640", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0640", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-0640", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-12637", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-12637", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1904", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1904", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13126", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-13126", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-10271", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2017-10271", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6909", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6909", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6278", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6278", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-5326", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-5326", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3041", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3041", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing 
Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11897", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11897", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11897", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11896", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11896", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11896", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7496", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7496", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-1001000", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-1001000", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-8540", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-8540", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0604", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0604", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19207", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19207", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-3413", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2014-3413", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1675", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1675", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-4862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-4862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-2894", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-2894", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-4106", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-4106", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15961", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15961", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15961", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-8562", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-8562", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-8562", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-8562", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2013-3900", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3900", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1539", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3765", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3765", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7235", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7235", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3015", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", 
"attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3015", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3015", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1761", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1761", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190. T1005", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-4335", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-4335", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-4335", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9019", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9019", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1202", 
"attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3893", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3893", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3893", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-9818", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1631", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1350", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0938", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9791", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-1579", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11932", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0903", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0803", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8833", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8589", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7513", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20838", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18956", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2018-10376", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-5613", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-2404", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-12824", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9299", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-2208", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-3864", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7169", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-5334", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0593", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3897", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3163", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-2311", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1856", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-3192", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-2005", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-4398", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2568", 
"mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2152", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1297", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0842", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0480", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1800", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1671", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0824", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-2992", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2017-5638", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-5638", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1494", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1494", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1494", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1494", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-6819", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10257", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-10257", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-15919", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-15919", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0222", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0222", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0149", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0149", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9079", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-9079", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": 
"T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7189", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7189", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3393", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3393", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-5123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-5123", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2502", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2502", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2419", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2419", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6332", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6332", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1815", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1815", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2465", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2465", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2423", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-2423", "mapping-type": "Uncategorized"}, {"comments": "", 
"attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3213", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-3213", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3971", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3971", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1136", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-1136", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1776", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1776", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-1776", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3918", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3918", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3918", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-2883", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-2883", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0601", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0601", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10149", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2019-10149", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20062", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20062", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6366", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6366", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3396", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3396", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3396", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-20250", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CVE-2018-20250", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8464", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8464", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11882", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11882", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11826", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11826", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0261", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0261", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6585", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6585", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1642", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1642", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0096", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-0096", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7247", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-7247", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6352", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-6352", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1331", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-1331", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1424", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-1424", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0840", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0840", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-4324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-4324", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client 
Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0556", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0556", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13510", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.001.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7925", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7925", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7925", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": " T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7925", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13541", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client 
Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13541", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13527", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13527", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8570", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8570", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0262", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0262", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7193", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7193", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": 
"Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2509", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2509", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0810", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0810", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3644", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3644", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3915", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3915", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3333", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": 
"Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3333", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2862", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0028", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0028", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-3129", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0927", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0927", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", 
"attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1206", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8543", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0176", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-2729", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-4250", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14323", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14323", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14323", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-0751", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8414", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8414", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2018-8414", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8468", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-6112", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7755", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0560", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0560", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8337", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "TT1565", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8337", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8337", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2018-20753", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-13379", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-6415", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploit OS Vulnerability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-7287", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploit OS Vulnerability", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1805", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-1805", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1409", "attack-object-name": "Access Stored Application Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-12817", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1456", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-4655", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1461", "attack-object-name": "Lockscreen Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-0493", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1533", "attack-object-name": "Data from Local System", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2017-0493", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1477", "attack-object-name": "Exploit via Radio Interfaces", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-3568", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-9081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11707", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14934", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-2055", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-16115", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or 
System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-8648", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-14059", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12888", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12655", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11884", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11668", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-16302", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-11869", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CVE-2018-21091", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-15454", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14679", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-9142", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-10910", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-10810", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-1752", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12653", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12653", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", 
"attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11608", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11608", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-12769", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004.", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-4854", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4148", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4148", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4148", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4148", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3088", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3088", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5576", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5576", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1518", "attack-object-name": "Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-3351", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-11651", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5300", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-5300", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5054", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5054", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-7246", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-7246", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14486", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14486", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5065", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-5065", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2008-0655", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-0655", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-5290", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-5290", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4408", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13922", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7259", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-7259", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CVE-2018-18641", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14487", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14487", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14487", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T880", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-14487", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4077", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4077", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1553.002", "attack-object-name": "Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4077", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-0622", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-7931", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-3566", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-16179", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-16179", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-12258", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10299", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1020", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-1020", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8759", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-8759", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11847", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2017-11847", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3906", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3906", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6467", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-6467", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6340", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-6340", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-4100", "mapping-type": "Uncategorized"}, 
{"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0688", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2020-0688", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-0708", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-10657", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2009-0238", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-11049", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-1854", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CVE-2019-0797", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8453", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-8440", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19320", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-7255", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0728", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0167", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2016-0165", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-6175", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2015-2546", "mapping-type": 
"Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2014-4076", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-6282", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2013-3660", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2012-2319", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2011-1249", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3081", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-0232", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2008-3431", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3338", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": 
"T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2010-3338", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T812", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14847", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-14847", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18665", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18667", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-18667", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17877", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-17877", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19831", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19831", 
"mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19831", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19830", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19830", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19830", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T828", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19833", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2018-19833", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T855", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13533", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T842", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-13533", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T873", "attack-object-name": "", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10980", "mapping-type": "Uncategorized"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": 
"Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CVE-2019-10980", "mapping-type": "Uncategorized"}]}
diff --git a/src/mappings_explorer/cli/parsed_mappings/nist/10.1/r4/parsed_nist800-53-r4-10_1mappings.json b/src/mappings_explorer/cli/parsed_mappings/nist/10.1/r4/parsed_nist800-53-r4-10_1mappings.json
index 4800bbf8..5a3ece58 100644
--- a/src/mappings_explorer/cli/parsed_mappings/nist/10.1/r4/parsed_nist800-53-r4-10_1mappings.json
+++ b/src/mappings_explorer/cli/parsed_mappings/nist/10.1/r4/parsed_nist800-53-r4-10_1mappings.json
@@ -1 +1 @@
-{"metadata": {"mapping-version": "r4", "attack-version": "10.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office 
Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", 
"attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", 
"attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed 
Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": 
"Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate 
Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch 
Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust 
Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", 
"attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", 
"attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting 
Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", 
"attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System 
Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote 
Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for 
Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", 
"attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", 
"attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": 
"SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting 
Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication 
Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", 
"attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", 
"attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", 
"attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control 
Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", 
"attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", 
"attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": 
"Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": 
"VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", 
"attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply 
Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy 
Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": 
"Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", 
"attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", 
"attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": 
"Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", 
"attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": 
"Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and 
Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", 
"attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic 
Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", 
"attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search 
Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", 
"attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", 
"attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": 
"Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge 
Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc 
Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", 
"attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", 
"attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS 
Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", 
"attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", 
"attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", 
"attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning 
and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", 
"attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", 
"attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", 
"attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": 
"System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", 
"attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": 
"Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": 
"LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", 
"attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", 
"attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", 
"attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", 
"attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": 
"Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", 
"attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": 
"Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote 
Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", 
"attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", 
"attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": 
"Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": 
"Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", 
"attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": 
"ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", 
"attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions 
Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", 
"attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", 
"attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software 
Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", 
"attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over 
Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", 
"attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", 
"attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer 
Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", 
"attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", 
"attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": 
"Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": 
"OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", 
"attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment 
Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", 
"attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", 
"attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", 
"attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing 
Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", 
"attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": 
"Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", 
"attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", 
"attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", 
"attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": 
"Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", 
"attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native 
API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", 
"attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", 
"attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", 
"attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", 
"attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", 
"attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", 
"attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}]} \ No newline at end of file +{"metadata": {"mapping-version": "r4", "attack-version": "10.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", 
"attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or 
Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", 
"attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos 
Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over 
Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", 
"attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", 
"attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": 
"Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": 
"Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows 
Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", 
"attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container 
and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data 
from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": 
"NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process 
Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", 
"attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote 
Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", 
"attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": 
"Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", 
"attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": 
"Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration 
Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", 
"attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": 
"Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode 
Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": 
"Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", 
"attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", 
"attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", 
"attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password 
Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller 
Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", 
"attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise 
Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc 
Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", 
"attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", 
"attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path 
Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation 
for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation 
Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", 
"attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data 
Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", 
"attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", 
"attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": 
"Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", 
"attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", 
"attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": 
"Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": 
"Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", 
"attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", 
"attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", 
"attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": 
"Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", 
"attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", 
"attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", 
"attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", 
"attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": 
"Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of 
Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric 
Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": 
"Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute 
Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password 
Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": 
"Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", 
"attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", 
"attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", 
"attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", 
"attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", 
"attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client 
Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": 
"Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", 
"attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management 
Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator 
Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", 
"attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to 
Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", 
"attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", 
"attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", 
"attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", 
"attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network 
Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": 
"Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", 
"attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", 
"attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", 
"attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", 
"attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", 
"attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": 
"Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", 
"attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", 
"attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": 
"Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": 
"Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", 
"attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", 
"attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": 
"Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding 
Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", 
"attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access 
Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust 
Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", 
"attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", 
"attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}]} diff --git a/src/mappings_explorer/cli/parsed_mappings/nist/10.1/r5/parsed_nist800-53-r5-10_1mappings.json b/src/mappings_explorer/cli/parsed_mappings/nist/10.1/r5/parsed_nist800-53-r5-10_1mappings.json index 7885752a..c22731a4 100644 --- a/src/mappings_explorer/cli/parsed_mappings/nist/10.1/r5/parsed_nist800-53-r5-10_1mappings.json 
+++ b/src/mappings_explorer/cli/parsed_mappings/nist/10.1/r5/parsed_nist800-53-r5-10_1mappings.json 
@@ -1 +1 @@ -{"metadata": {"mapping-version": "r5", "attack-version": "10.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office 
Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": 
"Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", 
"attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS 
Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": 
"Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop 
Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and 
Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal 
Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", 
"attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", 
"attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web 
Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", 
"attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", 
"attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", 
"attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", 
"attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": 
"Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": 
"Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", 
"attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", 
"attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation 
for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": 
"Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", 
"attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web 
Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", 
"attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", 
"attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": 
"Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", 
"attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", 
"attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource 
Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", 
"attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": 
"Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant 
Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": 
"Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", 
"attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", 
"attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", 
"attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", 
"attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", 
"attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", 
"attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit 
Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", 
"attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and 
Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or 
Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", 
"attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": 
"InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", 
"attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": 
"Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", 
"attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", 
"attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by 
Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", 
"attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": 
"Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": 
"SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory 
Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System 
Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In 
Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password 
Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from 
Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email 
Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", 
"attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": 
"Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", 
"attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", 
"attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", 
"attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", 
"attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data 
from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation 
for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", 
"attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": 
"Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", 
"attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": 
"Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", 
"attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB 
Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint 
Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", 
"attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": 
"LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": 
"LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", 
"attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": 
"AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way 
Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": 
"Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network 
Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": 
"Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege 
Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add 
Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": 
"Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", 
"attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or 
System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell 
Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", 
"attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS 
File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": 
"Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", 
"attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", 
"attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser 
Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource 
Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", 
"attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": 
"Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", 
"attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", 
"mapping-type": "mitigates"}]} \ No newline at end of file +{"metadata": {"mapping-version": "r5", "attack-version": "10.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", 
"attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", 
"attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": 
"Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": 
"AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": 
"Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", 
"attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", 
"attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", 
"attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass 
the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": 
"Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop 
Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and 
Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal 
Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", 
"attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", 
"attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web 
Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", 
"attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", 
"attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", 
"attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", 
"attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": 
"Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": 
"Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", 
"attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", 
"attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation 
for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": 
"Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", 
"attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web 
Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", 
"attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", 
"attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": 
"Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", 
"attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", 
"attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource 
Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", 
"attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": 
"Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant 
Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": 
"Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", 
"attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", 
"attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", 
"attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", 
"attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", 
"attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", 
"attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit 
Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", 
"attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and 
Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or 
Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", 
"attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": 
"InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", 
"attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": 
"Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", 
"attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", 
"attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by 
Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", 
"attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": 
"Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": 
"SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory 
Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System 
Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In 
Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password 
Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from 
Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email 
Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", 
"attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": 
"Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", 
"attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", 
"attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", 
"attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", 
"attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data 
from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation 
for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", 
"attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": 
"Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", 
"attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": 
"Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", 
"attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB 
Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint 
Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", 
"attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": 
"LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": 
"LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", 
"attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": 
"AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way 
Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": 
"Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network 
Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": 
"Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege 
Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add 
Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": 
"Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", 
"attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or 
System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell 
Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", 
"attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS 
File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": 
"Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", 
"attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", 
"attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser 
Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource 
Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", 
"attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": 
"Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", 
"attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", 
"mapping-type": "mitigates"}]}
diff --git a/src/mappings_explorer/cli/parsed_mappings/nist/12.1/r4/parsed_nist800-53-r4-12_1mappings.json b/src/mappings_explorer/cli/parsed_mappings/nist/12.1/r4/parsed_nist800-53-r4-12_1mappings.json
index 08c04154..013c221e 100644
--- a/src/mappings_explorer/cli/parsed_mappings/nist/12.1/r4/parsed_nist800-53-r4-12_1mappings.json
+++ b/src/mappings_explorer/cli/parsed_mappings/nist/12.1/r4/parsed_nist800-53-r4-12_1mappings.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": "r4", "attack-version": "12.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", 
"attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management 
Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1585.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1586.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", 
"attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", 
"attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1583.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1584.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": 
"Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", 
"attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable 
Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application 
Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", 
"attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create 
Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch 
Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP 
Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", 
"attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": 
"Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured 
Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": 
"Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", 
"attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions 
Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", 
"attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for 
Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal 
Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", 
"attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User 
Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", 
"attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", 
"attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", 
"attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", 
"attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", 
"attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", 
"attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows 
Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", 
"attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password 
Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": 
"Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", 
"attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator 
Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc 
Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", 
"attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy 
Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": 
"Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud 
Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", 
"attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", 
"attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", 
"attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", 
"attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", 
"attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by 
Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", 
"attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", 
"attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", 
"attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": 
"Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by 
PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", 
"attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", 
"attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1585.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1586.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication 
Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation 
Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust 
Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File 
Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor 
Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and 
Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", 
"attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from 
Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", 
"attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", 
"attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", 
"attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", 
"attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", 
"attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": 
"Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", 
"attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", 
"attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation 
for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", 
"attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", 
"attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply 
Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox 
Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS 
Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1595.003", "attack-object-name": "Wordlist Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", 
"attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": 
"Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1583.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1584.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External 
Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", 
"attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious 
Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", 
"attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from 
Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": 
"CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct 
Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": 
"Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", 
"attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": 
"Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management 
Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", 
"attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.015", "attack-object-name": "ListPlanting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for 
Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", 
"attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", 
"attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": 
"SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", 
"attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", 
"attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous 
Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", 
"attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", 
"attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": 
"Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", 
"attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": 
"Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", 
"attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", 
"attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": 
"PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk 
Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": 
"Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}]} \ No newline at end of file +{"metadata": {"mapping-version": "r4", "attack-version": "12.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": 
"Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", 
"attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated 
Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data 
from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", 
"attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1585.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1586.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", 
"attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", 
"attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", 
"attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data 
from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", 
"attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1583.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1584.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", 
"attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": 
"Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", 
"attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": 
"Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime 
Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or 
Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", 
"attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and 
Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", 
"attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", 
"attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": 
"Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", 
"attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": 
"Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": 
"Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows 
File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": 
"Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege 
Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management 
Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", 
"attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", 
"attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", 
"attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid 
Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": 
"Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", 
"attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", 
"attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and 
Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud 
Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", 
"attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify 
Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", 
"attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", 
"attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": 
"Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden 
Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", 
"attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and 
Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": 
"Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport 
Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse 
Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", 
"attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": 
"Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", 
"attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", 
"attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", 
"attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", 
"attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", 
"attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", 
"attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for 
Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": 
"Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", 
"attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": 
"Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control 
Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", 
"attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": 
"Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", 
"attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", 
"attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1585.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1586.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": 
"Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured 
Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", 
"attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", 
"attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", 
"attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", 
"attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via 
Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL 
Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", 
"attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", 
"attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": 
"Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": 
"Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1595.003", "attack-object-name": "Wordlist Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1583.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1584.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", 
"attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", 
"attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", 
"attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", 
"attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.015", "attack-object-name": "ListPlanting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", 
"attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool 
Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", 
"attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", 
"attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", 
"attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web 
Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo 
Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon 
Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": 
"Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", 
"attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": 
"Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", 
"attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": 
"Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session 
Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": 
"Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}]} 
diff --git a/src/mappings_explorer/cli/parsed_mappings/nist/12.1/r5/parsed_nist800-53-r5-12_1mappings.json b/src/mappings_explorer/cli/parsed_mappings/nist/12.1/r5/parsed_nist800-53-r5-12_1mappings.json
index cb50f065..e09f9617 100644
--- a/src/mappings_explorer/cli/parsed_mappings/nist/12.1/r5/parsed_nist800-53-r5-12_1mappings.json
+++ b/src/mappings_explorer/cli/parsed_mappings/nist/12.1/r5/parsed_nist800-53-r5-12_1mappings.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": "r5", "attack-version": "12.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", 
"attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", 
"attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware 
Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": 
"Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear 
Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", 
"attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": 
"Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1585.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1586.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": 
"Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", 
"attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1583.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1584.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows 
Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", 
"attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", 
"attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", 
"attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", 
"attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": 
"Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", 
"attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code 
Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", 
"attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": 
"COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": 
"Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable 
Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": 
"Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", 
"attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": 
"Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by 
Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AU-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", 
"attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", 
"attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": 
"PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application 
Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": 
"Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", 
"attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and 
/etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over 
Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", 
"attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", 
"attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password 
Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", 
"attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", 
"attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": 
"Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", 
"attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": 
"Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": 
"Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", 
"attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over 
Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": 
"Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", 
"attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", 
"attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", 
"attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", 
"attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", 
"attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": 
"Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", 
"attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", 
"attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", 
"attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic 
Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information 
Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": 
"ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", 
"attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", 
"attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", 
"attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System 
Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", 
"attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1585.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1586.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": 
"Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", 
"attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": 
"Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": 
"PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply 
Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management 
Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", 
"attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", 
"attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", 
"attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", 
"attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer 
Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", 
"attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": 
"Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", 
"attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", 
"attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS 
Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", 
"attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", 
"attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", 
"attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource 
Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1595.003", "attack-object-name": "Wordlist Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template 
Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", 
"attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", 
"attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing 
Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": 
"RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1583.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1584.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", 
"attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or 
Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": 
"Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", 
"attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", 
"attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection 
Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage 
Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", 
"attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", 
"attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", 
"attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", 
"attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify 
System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path 
Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", 
"attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", 
"attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.015", "attack-object-name": "ListPlanting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic 
Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": 
"Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", 
"attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": 
"Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", 
"attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", 
"attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", 
"attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon 
Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", 
"attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": 
"Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", 
"attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", 
"attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}]} \ No newline at end of file +{"metadata": {"mapping-version": "r5", "attack-version": "12.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", 
"attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting 
Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in 
Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container 
Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", 
"attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate 
Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge 
Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1585.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1586.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", 
"attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1583.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1584.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated 
Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional 
Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password 
Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable 
Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", 
"attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", 
"attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": 
"Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.002", 
"attack-object-name": "Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing 
Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo 
Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and 
Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", 
"attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", 
"attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data 
from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": 
"Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": 
"ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", 
"attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": 
"Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-1", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AU-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", 
"attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", 
"attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", 
"attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", 
"attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", 
"attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", 
"attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear 
Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": 
"Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed 
Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", 
"attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", 
"attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain 
Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", 
"attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data 
Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": 
"Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": 
"Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", 
"attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer 
Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", 
"attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", 
"attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", 
"attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", 
"attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", 
"attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", 
"attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", 
"attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": 
"Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated 
Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.005", "attack-object-name": "Device Registration", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", 
"attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", 
"attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", 
"attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", 
"attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": 
"Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", 
"attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", 
"attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", 
"attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened 
Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", 
"attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1593.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": 
"Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows 
Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": 
"Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", 
"attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", 
"attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", 
"attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH 
Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.006", "attack-object-name": "Multi-Factor Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.007", "attack-object-name": "Hybrid Identity", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1585.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1586.003", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or 
Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.005", "attack-object-name": "Reversible Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1621", "attack-object-name": "Multi-Factor Authentication Request Generation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1649", "attack-object-name": "Steal or Forge Authentication Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": 
"Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through 
Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": 
"Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": 
"System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", 
"attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", 
"attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread 
Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": 
"DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash 
History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", 
"attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", 
"attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-38", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1595.003", "attack-object-name": "Wordlist Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": 
"Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", 
"attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System 
Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", 
"attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", 
"attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", "attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1583.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1584.007", "attack-object-name": "Serverless", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP 
and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows 
Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": 
"Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over 
Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", 
"attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", 
"attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", 
"attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", 
"attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", 
"attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS 
Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", 
"attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service 
Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.015", "attack-object-name": "ListPlanting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", 
"attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.010", "attack-object-name": "Downgrade Attack", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.007", "attack-object-name": "Double File Extension", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", 
"attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": 
"Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.005", "attack-object-name": "Terminal Services DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.003", "attack-object-name": "XPC Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1648", 
"attack-object-name": "Serverless Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", 
"attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "Mavinject", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", 
"attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify 
Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": 
"Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.009", "attack-object-name": "Safe Mode Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.008", "attack-object-name": "Email Hiding Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.009", "attack-object-name": "Resource Forking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", 
"attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.007", "attack-object-name": "Dynamic API Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.008", "attack-object-name": "Stripped Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.009", "attack-object-name": "Embedded Payloads", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.007", "attack-object-name": "Clear Network Connection History and Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.008", "attack-object-name": "Clear Mailbox Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.009", "attack-object-name": "Clear Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.010", "attack-object-name": "Process Argument Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.013", "attack-object-name": "KernelCallbackTable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1647", "attack-object-name": "Plist File Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", 
"attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.004", "attack-object-name": "IIS Components", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}]} diff --git a/src/mappings_explorer/cli/parsed_mappings/nist/8.2/r4/parsed_nist800-53-r4-8_2mappings.json b/src/mappings_explorer/cli/parsed_mappings/nist/8.2/r4/parsed_nist800-53-r4-8_2mappings.json index fdd31983..59e8f24f 100644 --- a/src/mappings_explorer/cli/parsed_mappings/nist/8.2/r4/parsed_nist800-53-r4-8_2mappings.json +++ b/src/mappings_explorer/cli/parsed_mappings/nist/8.2/r4/parsed_nist800-53-r4-8_2mappings.json 
@@ -1 +1 @@ -{"metadata": {"mapping-version": "r4", "attack-version": "8.2", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance 
Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", 
"attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", 
"attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": 
"AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", 
"attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud 
Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", 
"attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", 
"attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", 
"attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", 
"attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows 
Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in 
Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk 
Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", 
"attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", 
"attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic 
Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": 
"Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service 
Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", 
"attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud 
Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", 
"attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal 
Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", 
"attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": 
"Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", 
"attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback 
Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", 
"attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy 
Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", 
"attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", 
"attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", 
"attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or 
Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": 
"Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": 
"Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", 
"attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", 
"attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and 
/etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden 
Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic 
Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": 
"JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": 
"Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network 
Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", 
"attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH 
Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": 
"Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", 
"attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", 
"attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": 
"Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate 
Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", 
"attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", 
"attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", 
"attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", 
"attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid 
Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": 
"Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": 
"External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS 
Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", 
"attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", 
"attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", 
"attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library 
Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", 
"attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", 
"attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", 
"attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", 
"attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": 
"Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", 
"attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint 
Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", 
"attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", 
"attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": 
"Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", 
"attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": 
"Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": 
"System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from 
Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", 
"attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", 
"attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", 
"attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", 
"attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": 
"Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In 
Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS 
Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", 
"attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional 
Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data 
Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", 
"attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", 
"attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}]} \ No newline at end of file +{"metadata": {"mapping-version": "r4", "attack-version": "8.2", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": 
"Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", 
"attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", 
"attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote 
Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", 
"attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate 
Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path 
Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code 
Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System 
Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", 
"attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct 
Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", 
"attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure 
Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", 
"attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": 
"Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": 
"/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", 
"attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": 
"Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": 
"Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", 
"attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global 
Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from 
Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": 
"Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable 
Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud 
Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": 
"Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": 
"Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network 
Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": 
"Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": 
"Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", 
"attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container 
Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", 
"attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", 
"attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": 
"Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", 
"attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", 
"attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", 
"attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System 
Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", 
"attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows 
File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", 
"attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon 
Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication 
Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication 
Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust 
Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": 
"Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": 
"Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", 
"attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", 
"attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": 
"JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by 
PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", 
"attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP 
Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", 
"attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", 
"attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote 
Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", 
"attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": 
"Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": 
"Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", 
"attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data 
from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through 
Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": 
"Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", 
"attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy 
Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric 
Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": 
"Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": 
"Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", 
"attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", 
"attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP 
Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", 
"attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", 
"attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", 
"attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event 
Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", 
"attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB 
Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", 
"attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": 
"Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path 
Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over 
Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", 
"attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail 
Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", 
"attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute 
Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", 
"attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", 
"attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": 
"Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", 
"attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", 
"attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", 
"attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", 
"attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", 
"attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse 
Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", 
"attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}]} 
diff --git a/src/mappings_explorer/cli/parsed_mappings/nist/8.2/r5/parsed_nist800-53-r5-8_2mappings.json b/src/mappings_explorer/cli/parsed_mappings/nist/8.2/r5/parsed_nist800-53-r5-8_2mappings.json
index e4407921..1c3a1d0e 100644
--- a/src/mappings_explorer/cli/parsed_mappings/nist/8.2/r5/parsed_nist800-53-r5-8_2mappings.json
+++ b/src/mappings_explorer/cli/parsed_mappings/nist/8.2/r5/parsed_nist800-53-r5-8_2mappings.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": "r5", "attack-version": "8.2", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance 
Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", 
"attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", 
"attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": 
"AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", 
"attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", 
"attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration 
Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization 
Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": 
"Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", 
"attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": 
"Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", 
"attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions 
Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", 
"attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software 
Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", 
"attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", 
"attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", 
"attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", 
"attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted 
Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", 
"attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing 
Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", 
"attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", 
"attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", 
"attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", 
"attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development 
Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", 
"attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": 
"Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", 
"attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": 
"Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": 
"Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": 
"Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External 
Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", 
"attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", 
"attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", 
"attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", 
"attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": 
"Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", 
"attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", 
"attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy 
Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage 
Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", 
"attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", 
"attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", 
"attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": 
"Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": 
"Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL 
Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": 
"Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": 
"Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": 
"Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": 
"NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", 
"attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service 
Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", 
"attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": 
"Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS 
Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", 
"attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", 
"attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", 
"attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": 
"Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by 
Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", 
"attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", 
"attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc 
Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by 
Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain 
Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over 
Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software 
Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", 
"attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", 
"attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", 
"attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event 
Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", 
"attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB 
Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", 
"attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", 
"attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": 
"Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": 
"Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd 
Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator 
Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", 
"attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", 
"attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation 
Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": 
"Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": 
"Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": 
"Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}]} \ No newline at end of file +{"metadata": {"mapping-version": "r5", "attack-version": "8.2", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": 
"Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": 
"Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and 
Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": 
"Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", 
"attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller 
Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", 
"attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized 
Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", 
"attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management 
Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": 
"SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or 
Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web 
Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", 
"attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": 
"Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", 
"attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary 
Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At 
(Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", 
"attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with 
Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", 
"attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": 
"Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", 
"attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced 
Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", 
"attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials 
from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data 
from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": 
"Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", 
"attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", 
"attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email 
Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service 
Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": 
"LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": 
"Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", 
"attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External 
Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": 
"Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application 
Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric 
Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component 
Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", 
"attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", 
"attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", 
"attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", 
"attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": 
"Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", 
"attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token 
Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": 
"Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 
Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", 
"attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud 
Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", 
"attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": 
"Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", 
"attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL 
Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", 
"attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": 
"Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", 
"attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", 
"attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for 
Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": 
"Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", 
"attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", 
"attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In 
Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", 
"attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", 
"attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event 
Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", 
"attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB 
Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", 
"attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", 
"attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": 
"Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": 
"Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd 
Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator 
Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", 
"attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", 
"attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation 
Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Rc.common", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": 
"Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": 
"Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": 
"Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}]} diff --git a/src/mappings_explorer/cli/parsed_mappings/nist/9.0/r4/parsed_nist800-53-r4-9_0mappings.json b/src/mappings_explorer/cli/parsed_mappings/nist/9.0/r4/parsed_nist800-53-r4-9_0mappings.json index 8257f14e..cc47187f 100644 --- a/src/mappings_explorer/cli/parsed_mappings/nist/9.0/r4/parsed_nist800-53-r4-9_0mappings.json +++ b/src/mappings_explorer/cli/parsed_mappings/nist/9.0/r4/parsed_nist800-53-r4-9_0mappings.json 
@@ -1 +1 @@ -{"metadata": {"mapping-version": "r4", "attack-version": "9.0", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance 
Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote 
Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", 
"attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and 
Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": 
"Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": 
"Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", 
"attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted 
Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", 
"attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", 
"attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", 
"attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email 
Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", 
"attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": 
"Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", 
"attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory 
Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch 
Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy 
Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", 
"attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": 
"SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable 
Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client 
Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", 
"attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on 
Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", 
"attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", 
"attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell 
Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", 
"attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", 
"attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", 
"attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", 
"attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious 
File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk 
Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", 
"attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": 
"Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud 
Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", 
"attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web 
Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": 
"InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", 
"attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", 
"attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": 
"Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", 
"attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", 
"attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": 
"Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": 
"Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", 
"attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", 
"attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception 
by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": 
"Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", 
"attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", 
"attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": 
"Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management 
Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust 
Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable 
or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal 
Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": 
"Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust 
Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", 
"attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through 
Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", 
"attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", 
"attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust 
Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": 
"AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": 
"Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", 
"attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": 
"Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation 
for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", 
"attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", 
"attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service 
Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", 
"attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured 
Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": 
"Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and 
SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", 
"attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office 
Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS 
Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback 
Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric 
Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure 
Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", 
"attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": 
"Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", 
"attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", 
"attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", 
"attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", 
"attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": 
"Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and 
Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", 
"attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": 
"Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", 
"attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": 
"Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC 
Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", 
"attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored 
Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", 
"attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": 
"Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": 
"AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious 
Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}]} \ No newline at end of file +{"metadata": {"mapping-version": "r4", "attack-version": "9.0", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", 
"attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": 
"Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", 
"attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB 
Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token 
Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and 
Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable 
Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", 
"attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", 
"attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-24", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-25", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", 
"attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration 
Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing 
Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", 
"attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo 
Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", 
"attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol 
Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", 
"attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", 
"attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": 
"Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", 
"attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", 
"attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": 
"Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify 
Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify 
Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", 
"attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", 
"attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", 
"attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", 
"attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path 
Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", 
"attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", 
"attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", 
"attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", 
"attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": 
"Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL 
Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", 
"attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management 
Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", 
"attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", 
"attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": 
"Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator 
Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": 
"Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", 
"attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System 
Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object 
Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", 
"attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", 
"attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", 
"attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": 
"TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session 
Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", 
"attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", 
"attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal 
on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", 
"attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": 
"SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": 
"Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy 
Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify 
System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": 
"Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS 
Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command 
and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer 
Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": 
"InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", 
"attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by 
Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server 
Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-13", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", 
"attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", 
"attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric 
Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": 
"Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", 
"attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", 
"attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and 
/etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": 
"Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", 
"attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": 
"Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", 
"attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web 
Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path 
Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", 
"attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop 
Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", 
"attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege 
Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": 
"Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", 
"attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc 
Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": 
"Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", 
"attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", 
"attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", 
"attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", 
"attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": 
"Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", 
"attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions 
Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", 
"attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", 
"attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System 
Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}]} diff --git a/src/mappings_explorer/cli/parsed_mappings/nist/9.0/r5/parsed_nist800-53-r5-9_0mappings.json b/src/mappings_explorer/cli/parsed_mappings/nist/9.0/r5/parsed_nist800-53-r5-9_0mappings.json index b6f8ae40..46111274 100644 --- a/src/mappings_explorer/cli/parsed_mappings/nist/9.0/r5/parsed_nist800-53-r5-9_0mappings.json +++ b/src/mappings_explorer/cli/parsed_mappings/nist/9.0/r5/parsed_nist800-53-r5-9_0mappings.json 
@@ -1 +1 @@ -{"metadata": {"mapping-version": "r5", "attack-version": "9.0", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance 
Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": 
"Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote 
Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", 
"attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", 
"attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and 
Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": 
"Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", 
"attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", 
"attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", 
"attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": 
"Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", 
"attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web 
Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", 
"attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", 
"attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", 
"attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", 
"attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", 
"attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions 
Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", 
"attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": 
"Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", 
"attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant 
Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", 
"attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", 
"attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", 
"attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": 
"Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac 
System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software 
Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data 
to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", 
"attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code 
Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": 
"Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", 
"attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", 
"attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed 
Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": 
"TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the 
Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event 
Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": 
"Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": 
"Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", 
"attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", 
"attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", 
"attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud 
Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", 
"attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA 
Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", 
"attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", 
"attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", 
"attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", 
"attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": 
"AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows 
Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", 
"attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over 
Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", 
"attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk 
Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", 
"attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", 
"attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", 
"attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", 
"attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify 
System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", 
"attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", 
"attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": 
"Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", 
"attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric 
Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": 
"Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", 
"attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", 
"attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and 
/etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": 
"Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", 
"attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": 
"Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", 
"attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web 
Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": 
"Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", 
"attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud 
Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", 
"attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", 
"attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", 
"attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", 
"attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data 
Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": 
"VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way 
Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", 
"attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": 
"SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": 
"DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", 
"attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": 
"Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", 
"attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": 
"AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", 
"attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": 
"XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", 
"attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", 
"attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": 
"Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}]} \ No newline at end of file +{"metadata": {"mapping-version": "r5", "attack-version": "9.0", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "NIST Security controls", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-14", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": 
"Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", 
"attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-19", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA 
Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", 
"attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print 
Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": 
"Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information 
Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", 
"attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": 
"PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email 
Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and 
Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": 
"Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", 
"attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", 
"attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time 
Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc 
Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default 
Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", 
"attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", 
"attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": 
"Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": 
"Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", 
"attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": 
"Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "AC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template 
Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", 
"attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", 
"attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured 
Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", 
"attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol 
Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", 
"attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": 
"Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", 
"attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows 
Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": 
"Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": 
"Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", 
"attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", 
"attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": 
"Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", 
"attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", 
"attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", 
"attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": 
"Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": 
"Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", 
"attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": 
"LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool 
Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", 
"attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for 
Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "CM-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "CP-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", 
"attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "CP-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-12", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and 
Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": 
"Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": 
"Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "Launchctl", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email 
Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", 
"attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", 
"attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "IA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "MP-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "PL-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": 
"Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "RA-9", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SA-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", 
"attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL 
Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SA-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-17", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": 
"Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", 
"attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-18", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-20", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation 
Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-21", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-22", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-26", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-28", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-29", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from 
Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-30", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-31", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-34", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-35", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data 
Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-36", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-37", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-39", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": 
"Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-41", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-43", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": 
"Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-44", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": 
"Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-46", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 
Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit 
Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", 
"attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SC-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", 
"attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", 
"attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-10", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud 
Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-12", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": 
"VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": 
"OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-15", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-16", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-2", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-23", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": 
"LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": 
"File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": 
"Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": 
"Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-3", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Steganography", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": 
"/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.004", 
"attack-object-name": "Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", 
"attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": 
"LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", 
"mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": 
"Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hidden Users", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", 
"attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1574.010", "attack-object-name": "Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": 
"T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Compromise Hardware Supply Chain", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, 
{"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions 
Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": 
"", "attack-object-id": "T1550.004", "attack-object-name": "Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.006", "attack-object-name": "Dynamic 
Linker Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-7", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1221", 
"attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "SI-8", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": 
"mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-11", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-4", "mapping-type": "mitigates"}, {"comments": "", 
"attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade System Image", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "SR-5", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Downgrade 
System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "SR-6", "mapping-type": "mitigates"}]}
diff --git a/src/mappings_explorer/cli/parsed_mappings/security_stack/AWS/parsed_AWS.json b/src/mappings_explorer/cli/parsed_mappings/security_stack/AWS/parsed_AWS.json
index 411b9e9c..6077cb8c 100644
--- a/src/mappings_explorer/cli/parsed_mappings/security_stack/AWS/parsed_AWS.json
+++ b/src/mappings_explorer/cli/parsed_mappings/security_stack/AWS/parsed_AWS.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": 1, "attack-version": 9, "technology-domain": "enterprise", "author": "", "contact": "ctid@mitre-engenuity.org", "creation-date": "07/22/2021", "last-update": "", "organization": "", "mapping-framework": "AWS", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS RDS supports the encryption of database instances using the AES-256 encryption algorithm. This can protect database instances from being modified at rest. Furthermore, AWS RDS supports TLS/SSL connections which protect data from being modified during transit. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1565"}, {"comments": "AWS RDS supports the replication and recovery of database instances. In the event that data is manipulated, AWS RDS can be used to restore the database instance to a previous point in time. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1565"}, {"comments": "AWS RDS supports the encryption of database instances using the AES-256 encryption algorithm. This can protect database instances from being modified at rest. Furthermore, AWS RDS supports TLS/SSL connections which protect data from being modified during transit. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1565"}, {"comments": "AWS RDS supports the replication and recovery of database instances. In the event that data is manipulated, AWS RDS can be used to restore the database instance to a previous point in time. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1565"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": 
["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS 
RDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS RDS supports the replication and recovery of database instances. In the event that a database instance is deleted during a disk wipe, AWS RDS can be used to restore the database instance to a previous point in time. However, this mapping is only given a score of Partial because AWS RDS only provides a backup of the database instance and not the underlying system that it is hosted on.", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": "T1561"}, {"comments": "AWS RDS supports the replication and recovery of database instances. In the event that a database instance is deleted during a disk wipe, AWS RDS can be used to restore the database instance to a previous point in time. 
However, this mapping is only given a score of Partial because AWS RDS only provides a backup of the database instance and not the underlying system that it is hosted on.", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": "T1561"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1020", "attack-object-name": 
"Automated Exfiltration", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure SSL/TLS encryption is enabled to protect network traffic: \"acm-certificate-expiration-check\" for nearly expired certificates in AWS Certificate Manager (ACM); \"alb-http-to-https-redirection-check\" for Application Load Balancer (ALB) HTTP listeners; \"api-gw-ssl-enabled\" for API Gateway REST API stages; \"cloudfront-custom-ssl-certificate\", \"cloudfront-sni-enabled\", and \"cloudfront-viewer-policy-https\", for Amazon CloudFront distributions; \"elb-acm-certificate-required\", \"elb-custom-security-policy-ssl-check\", \"elb-predefined-security-policy-ssl-check\", and \"elb-tls-https-listeners-only\" for Elastic Load Balancing (ELB) Classic Load Balancer listeners; \"redshift-require-tls-ssl\" for Amazon Redshift cluster connections to SQL clients; \"s3-bucket-ssl-requests-only\" for requests for S3 bucket contents; and \"elasticsearch-node-to-node-encryption-check\" for Amazon ElasticSearch Service node-to-node communications.\nAll of these are run on configuration changes except \"alb-http-to-https-redirection-check\", which is run periodically. 
Coverage factor is partial for these rules, since they are specific to a subset of the available AWS services and can only mitigate behavior for adversaries who are unable to decrypt the relevant traffic, resulting in an overall score of Partial.", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1020"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", 
"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"eks-endpoint-no-public-access\" managed rule can identify whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoints are misconfigured to allow public endpoint access, which should be fixed in order to prevent malicious external access to the Kubernetes API server, including malicious attempts to create or modify orchestration jobs. It is run periodically and only provides partial coverage because it is specific to public access, resulting in an overall score of Partial.", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules 
provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can provide protection against attempted misuse of cloud accounts: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\". All of these controls are run periodically.\nThe following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure that appropriate AWS Identity and Access Management (IAM) policies are in place to enforce fine-grained access policies and mitigate the impact of compromised valid accounts: \"iam-customer-policy-blocked-kms-actions\", \"iam-inline-policy-blocked-kms-actions\", \"iam-no-inline-policy-check\", \"iam-group-has-users-check\", \"iam-policy-blacklisted-check\", \"iam-policy-no-statements-with-admin-access\", \"iam-policy-no-statements-with-full-access\", \"iam-role-managed-policy-check\", \"iam-user-group-membership-check\", \"iam-user-no-policies-check\", and \"ec2-instance-profile-attached\" are run on configuration changes. 
\"iam-password-policy\", \"iam-policy-in-use\", \"iam-root-access-key-check\", \"iam-user-mfa-enabled\", \"iam-user-unused-credentials-check\", and \"mfa-enabled-for-iam-console-access\" are run periodically. The \"access-keys-rotated\" managed rule ensures that IAM access keys are rotated at an appropriate rate.\nGiven that these rules provide robust coverage for a variety of IAM configuration problems and most are evaluated on configuration changes, they result in an overall score of Significant.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can provide protection against attempted manipulation of cloud accounts: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", 
and \"root-account-mfa-enabled\". All of these controls are run periodically and provide partial coverage, since adversaries may be able to manipulate cloud credentials via other mechanisms, resulting in an overall score of Partial.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can significantly impede brute force authentication attempts by requiring adversaries to provide a second form of authentication even if they succeed in brute forcing a password via one of these sub-techniques: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\".\nThe \"iam-password-policy\" managed rule can identify insufficient password requirements that 
should be fixed in order to make brute force authentication more difficult by increasing the complexity of user passwords and decreasing the amount of time before they are rotated, giving adversaries less time to brute force passwords and making it more time consuming and resource intensive to do so. This is especially important in the case of Password Cracking, since adversaries in possession of password hashes may be able to recover usable credentials more quickly and do so without generating detectable noise via invalid login attempts.\nAll of these controls are run periodically, but implemented policies are enforced continuously once set and coverage factor is significant, resulting in an overall score of Significant.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can significantly impede brute force authentication attempts by requiring adversaries to provide a second form of authentication even if they succeed in brute forcing a password via one of these sub-techniques: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\".\nThe \"iam-password-policy\" managed rule can identify insufficient password requirements that should be fixed in order to make brute force authentication more difficult by increasing the complexity of user passwords and decreasing the amount of time before they are rotated, giving adversaries less time to brute force passwords and making it more time consuming and resource intensive to do so. 
This is especially important in the case of Password Cracking, since adversaries in possession of password hashes may be able to recover usable credentials more quickly and do so without generating detectable noise via invalid login attempts.\nAll of these controls are run periodically, but implemented policies are enforced continuously once set and coverage factor is significant, resulting in an overall score of Significant.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can significantly impede brute force authentication attempts by requiring adversaries to provide a second form of authentication even if they succeed in brute forcing a password via one of these sub-techniques: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\".\nThe \"iam-password-policy\" managed rule can identify insufficient password requirements that should be fixed in order to make brute force authentication more difficult by increasing the complexity of user passwords and decreasing the amount of time before they are rotated, giving adversaries less time to brute force passwords and making it more time consuming and resource intensive to do so. 
This is especially important in the case of Password Cracking, since adversaries in possession of password hashes may be able to recover usable credentials more quickly and do so without generating detectable noise via invalid login attempts.\nAll of these controls are run periodically, but implemented policies are enforced continuously once set and coverage factor is significant, resulting in an overall score of Significant.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can significantly impede brute force authentication attempts by requiring adversaries to provide a second form of authentication even if they succeed in brute forcing a password via one of these sub-techniques: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\".\nThe \"iam-password-policy\" managed rule can identify insufficient password requirements that should be fixed in order to make brute force authentication more difficult by increasing the complexity of user passwords and decreasing the amount of time before they are rotated, giving adversaries less time to brute force passwords and making it more time consuming and resource intensive to do so. 
This is especially important in the case of Password Cracking, since adversaries in possession of password hashes may be able to recover usable credentials more quickly and do so without generating detectable noise via invalid login attempts.\nAll of these controls are run periodically, but implemented policies are enforced continuously once set and coverage factor is significant, resulting in an overall score of Significant.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1136", "attack-object-name": "Create 
Account", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can provide significant protection against attempted manipulation of cloud accounts, including the creation of new ones: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\". All of these controls are run periodically and provide partial coverage, since adversaries may be able to create cloud credentials via other mechanisms, resulting in an overall score of Partial.", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], 
"tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined 
rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1204", 
"attack-object-name": "User Execution", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify running instances that are not using AMIs within a specified allow list: \"approved-amis-by-id\" and \"approved-amis-by-tag\", both of which are run on configuration changes. They provide significant coverage, resulting in an overall score of Significant.", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1204"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS 
Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to prevent malicious write access to data within Amazon Simple Storage Service (S3) storage, which may include internal and/or external defacement: \"s3-bucket-blacklisted-actions-prohibited\" checks whether bucket policies prohibit disallowed actions (including encryption configuration changes) for principals from other AWS 
accounts, \"s3-bucket-default-lock-enabled\" checks whether a bucket that should be locked in write-once-read-many (WORM) mode is configured to prevent modification, and \"s3-bucket-public-write-prohibited\" checks whether a bucket is configured to allow public access and modification. All of these controls are run on configuration changes.\nThe following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure backups and redundancy are in place which can mitigate the effects of malicious defacement: \"aurora-mysql-backtracking-enabled\" for data in Aurora MySQL; \"db-instance-backup-enabled\" and \"rds-in-backup-plan\" for Amazon Relational Database Service (RDS) data; \"dynamodb-in-backup-plan\" and \"dynamodb-pitr-enabled\" for Amazon DynamoDB table contents; \"ebs-in-backup-plan\" for Elastic Block Store (EBS) volumes; \"efs-in-backup-plan\" for Amazon Elastic File System (EFS) file systems; \"elasticache-redis-cluster-automatic-backup-check\" for Amazon ElastiCache Redis cluster data; \"redshift-backup-enabled\" and \"redshift-cluster-maintenancesettings-check\" for Redshift; \"s3-bucket-replication-enabled\" and \"s3-bucket-versioning-enabled\" for S3 storage; and \"cloudfront-origin-failover-enabled\" for CloudFront.\nCoverage factor is significant for these rules, since they cover a wide range of services used to host content for websites within AWS, resulting in an overall score of Significant.", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1491"}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to prevent malicious write access to data within Amazon Simple Storage Service (S3) storage, which may include 
internal and/or external defacement: \"s3-bucket-blacklisted-actions-prohibited\" checks whether bucket policies prohibit disallowed actions (including encryption configuration changes) for principals from other AWS accounts, \"s3-bucket-default-lock-enabled\" checks whether a bucket that should be locked in write-once-read-many (WORM) mode is configured to prevent modification, and \"s3-bucket-public-write-prohibited\" checks whether a bucket is configured to allow public access and modification. All of these controls are run on configuration changes.\nThe following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure backups and redundancy are in place which can mitigate the effects of malicious defacement: \"aurora-mysql-backtracking-enabled\" for data in Aurora MySQL; \"db-instance-backup-enabled\" and \"rds-in-backup-plan\" for Amazon Relational Database Service (RDS) data; \"dynamodb-in-backup-plan\" and \"dynamodb-pitr-enabled\" for Amazon DynamoDB table contents; \"ebs-in-backup-plan\" for Elastic Block Store (EBS) volumes; \"efs-in-backup-plan\" for Amazon Elastic File System (EFS) file systems; \"elasticache-redis-cluster-automatic-backup-check\" for Amazon ElastiCache Redis cluster data; \"redshift-backup-enabled\" and \"redshift-cluster-maintenancesettings-check\" for Redshift; \"s3-bucket-replication-enabled\" and \"s3-bucket-versioning-enabled\" for S3 storage; and \"cloudfront-origin-failover-enabled\" for CloudFront.\nCoverage factor is significant for these rules, since they cover a wide range of services used to host content for websites within AWS, resulting in an overall score of Significant.", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1491"}, {"comments": 
"Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. 
\"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1498"}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. \"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1498"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", 
"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. \"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. 
\"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. \"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. 
\"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", 
"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The following 
AWS Config managed rules can identify configuration problems that should be fixed in order to prevent malicious access of data within Amazon Simple Storage Service (S3) storage, which may include files containing credentials: \"s3-account-level-public-access-blocks\", \"s3-bucket-level-public-access-prohibited\", \"s3-bucket-public-read-prohibited\", \"s3-bucket-policy-not-more-permissive\", \"cloudfront-origin-access-identity-enabled\", and \"cloudfront-default-root-object-configured\" identify objects that are publicly available or subject to overly permissive access policies; and \"s3-bucket-policy-grantee-check\" checks whether bucket policies appropriately control which AWS principals, federated users, service principals, IP addresses, and VPCs have access. All of these controls are run on configuration changes.\nThe following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure that cloud storage data - which may include files containing credentials - are encrypted to prevent malicious access: \"s3-bucket-server-side-encryption-enabled\" and \"s3-default-encryption-kms\" for S3 storage, \"ec2-ebs-encryption-by-default\" and \"encrypted-volumes\" for EBS volumes.\nCoverage factor is partial for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Partial.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "The \"ec2-imdsv2-check\" managed rule can identify instances which are configured to use the outdated Instance Metadata Service Version 1 (IMDSv1), which is less secure than IMDSv2. 
This provides partial coverage, since adversaries may find ways to exploit the more secure IMDSv2, resulting in an overall score of Partial.", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "The \"eks-endpoint-no-public-access\" managed rule can identify whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoints are misconfigured to allow public endpoint access, which should be fixed in order to prevent malicious external access to the Kubernetes API server, including malicious attempts to gather credentials via the API. The \"eks-secrets-encrypted\" managed rule can identify configuration problems that should be fixed in order to ensure that Kubernetes secrets (including those containing credentials) are encrypted to prevent malicious access. 
Both controls are run periodically and only provide partial coverage because they are specific to public access and adversaries without the ability to decrypt secrets, respectively, resulting in an overall score of Partial.", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], 
"tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"ec2-managedinstance-applications-required\" managed rule verifies that all applications in a pre-defined list of requirements are installed on specified managed instances, and is run on configuration changes. It will not detect modification to those applications, but will detect if they are uninstalled. The \"ec2-managedinstance-applications-blacklisted\" managed rule verifies that a pre-defined list of applications are not installed on specified managed instances, and can be used to detect installation of applications below a minimum version, which can identify adversary attempts to downgrade required tools to insecure or ineffective older versions. Given the host-based scoping of this technique, coverage is partial, resulting in an overall score of Partial.", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The following AWS Config managed rules can identify potentially malicious changes to cloud firewall status and ensure that a WAF is enabled and enforcing specified ACLs: \"lab-waf-enabled\" for Application Load Balancers; \"api-gw-associated-with-waf\" for Amazon API Gateway API stages; \"cloudfront-associated-with-waf\" for Amazon CloudFront distributions; \"fms-webacl-resource-policy-check\", \"fms-webacl-resource-policy-check\", and \"fms-webacl-rulegroup-association-check\" for AWS Firewall Manager; \"vpc-default-security-group-closed\", \"vpc-network-acl-unused-check\", and \"vpc-sg-open-only-to-authorized-ports\" for VPC security groups; and \"ec2-security-group-attached-to-eni\" for EC2 and ENI security 
groups; all of which are run on configuration changes.\nThe following AWS Config managed rules can identify specific configuration changes to VPC configuration that may suggest malicious modification to bypass protections: \"internet-gateway-authorized-vpc-only\" can identify Internet gateways (IGWs) attached to unauthorized VPCs, which can allow unwanted communication between a VPC and the Internet; \"lambda-inside-vpc\" can identify VPCs that have granted execution access to unauthorized Lambda functions; \"service-vpc-endpoint-enabled\" can verify that endpoints are active for the appropriate services across VPCs; \"subnet-auto-assign-public-ip-disabled\" checks for public IP addresses assigned to subnets within VPCs.\nCoverage factor is significant for these rules, since they cover firewall configuration for and via a wide range of services, resulting in an overall score of Significant.", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "The following AWS Config managed rules can identify potentially malicious changes to cloud logging: \"api-gw-execution-logging-enabled\", \"cloudfront-accesslogs-enabled\", \"elasticsearch-logs-to-cloudwatch\", \"elb-logging-enabled\", \"redshift-cluster-configuration-check\", \"rds-logging-enabled\", and \"s3-bucket-logging-enabled\" are run on configuration changes. 
\"cloudtrail-security-trail-enabled\", \"cloud-trail-cloud-watch-logs-enabled\", \"cloudtrail-s3-dataevents-enabled\", \"vpc-flow-logs-enabled\", \"waf-classic-logging-enabled\", and \"wafv2-logging-enabled\" are run periodically.\nCoverage factor is significant for these rules, since they cover logging configuration for a wide range of services, resulting in an overall score of Significant.", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": 
["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", 
"score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The S3 server access logging feature was not mapped because it was deemed to be a data source that can be used with other detective controls rather than a security control in of itself.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html"], "tags": ["Storage"], "mapping-description": "", "capability-id": "AWS S3", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The S3 server access logging feature was not mapped because it was deemed to be a data source that can be used with other detective controls rather than a security control in of itself.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html"], "tags": ["Storage"], "mapping-description": "", "capability-id": "AWS S3", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "There are a few finding types offered by GuardDuty that flag this behavior: Recon:EC2/PortProbeEMRUnprotectedPort, Recon:EC2/PortProbeUnprotectedPort, Recon:EC2/Portscan, Impact:EC2/PortSweep.", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "There are finding types that show when an EC2 instance is probing other AWS resources for information. 
Recon:EC2/PortProbeEMRUnprotectedPort, Recon:EC2/PortProbeUnprotectedPort, Recon:EC2/Portscan, Impact:EC2/PortSweep", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The domain associated with phishing can be delivered by various means these sub-techniques are added to the mapping and scoring of this Security service.", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1566"}, {"comments": "The domain associated with phishing can be delivered by various means these sub-techniques are added to the mapping and scoring of this Security service.", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1566"}, {"comments": "The domain associated with phishing can be delivered by various means these sub-techniques are added to the mapping and scoring of this Security service.", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1566"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Listed findings above flag instances where there are indications of account compromise.", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Listed findings above flag instances where there are indications of account compromise.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Persistence:IAMUser/AnomalousBehavior finding can detect anomalous API requests that can be used by adversaries to maintain persistence such as CreateAccessKey, ImportKeyPair.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "The Persistence:IAMUser/AnomalousBehavior finding can detect anomalous API requests that can be used by adversaries to maintain persistence such as CreateAccessKey, ImportKeyPair.", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following GuardDuty findings provide indicators of malicious activity in defense measures:\nStealth:IAMUser/CloudTrailLoggingDisabled Stealth:IAMUser/PasswordPolicyChange Stealth:S3/ServerAccessLoggingDisabled Impact:S3/MaliciousIPCaller Exfiltration:S3/MaliciousIPCaller Exfiltration:S3/ObjectRead.Unusual PenTest:S3/KaliLinux PenTest:S3/ParrotLinux PenTest:S3/PentooLinux UnauthorizedAccess:S3/MaliciousIPCaller.Custom UnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The following GuardDuty findings provide indicators of malicious activity in defense measures:\nStealth:IAMUser/CloudTrailLoggingDisabled Stealth:IAMUser/PasswordPolicyChange Stealth:S3/ServerAccessLoggingDisabled Impact:S3/MaliciousIPCaller Exfiltration:S3/MaliciousIPCaller Exfiltration:S3/ObjectRead.Unusual PenTest:S3/KaliLinux PenTest:S3/ParrotLinux PenTest:S3/PentooLinux UnauthorizedAccess:S3/MaliciousIPCaller.Custom UnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1562.006", 
"attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The following GuardDuty findings provide indicators of malicious activity in defense measures:\nStealth:IAMUser/CloudTrailLoggingDisabled Stealth:IAMUser/PasswordPolicyChange Stealth:S3/ServerAccessLoggingDisabled Impact:S3/MaliciousIPCaller Exfiltration:S3/MaliciousIPCaller Exfiltration:S3/ObjectRead.Unusual PenTest:S3/KaliLinux PenTest:S3/ParrotLinux PenTest:S3/PentooLinux UnauthorizedAccess:S3/MaliciousIPCaller.Custom UnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Due to the detection being limited to a specific set of application protocols, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "Due to the detection being limited to a specific set of application protocols, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "Due to the detection being limited to a specific set of application protocols, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": 
"Minimal", "related-score": "T1110"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following finding types in Amazon GuardDuty can be used to identify potentially malicious interactions with S3 which may lead to the compromise of any credential files stored in S3: Impact:S3/MaliciousIPCaller Exfiltration:S3/MaliciousIPCaller Exfiltration:S3/ObjectRead.Unusual PenTest:S3/KaliLinux PenTest:S3/ParrotLinux PenTest:S3/PentooLinux UnauthorizedAccess:S3/MaliciousIPCaller.Custom UnauthorizedAccess:S3/TorIPCaller\nThe score is capped at Partial since the findings only apply to credential files stored within S3 buckets and only certain types of suspicious behaviors.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "The UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration 
finding type flags attempts to run AWS API operations from a host outside of EC2 using temporary AWS credentials that were created on an EC2 instance in your AWS environment. This may indicate that the temporary credentials have been compromised. Score is capped at Minimal because external use is required for detection.", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "GuardDuty flags events matching the following finding types that relate to adversaries attempting to communicate using application layer protocols to avoid detection.\nUnauthorizedAccess:EC2/MaliciousIPCaller.Custom Backdoor:EC2/C&CActivity.B 
Backdoor:EC2/C&CActivity.B!DNS Trojan:EC2/BlackholeTraffic Trojan:EC2/BlackholeTraffic!DNS Trojan:EC2/DropPoint Trojan:EC2/DropPoint!DNS Backdoor:EC2/C&CActivity.B Impact:EC2/MaliciousDomainRequest.Reputation Impact:EC2/SuspiciousDomainRequest.Reputation", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "GuardDuty flags events matching the following finding types that relate to adversaries attempting to communicate using application layer protocols to avoid detection.\nUnauthorizedAccess:EC2/MaliciousIPCaller.Custom Backdoor:EC2/C&CActivity.B Backdoor:EC2/C&CActivity.B!DNS Trojan:EC2/BlackholeTraffic Trojan:EC2/BlackholeTraffic!DNS Trojan:EC2/DropPoint Trojan:EC2/DropPoint!DNS Backdoor:EC2/C&CActivity.B Impact:EC2/MaliciousDomainRequest.Reputation Impact:EC2/SuspiciousDomainRequest.Reputation", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "GuardDuty flags events matching the following finding types that relate to adversaries attempting to communicate using application layer protocols to avoid detection.\nUnauthorizedAccess:EC2/MaliciousIPCaller.Custom Backdoor:EC2/C&CActivity.B Backdoor:EC2/C&CActivity.B!DNS Trojan:EC2/BlackholeTraffic Trojan:EC2/BlackholeTraffic!DNS Trojan:EC2/DropPoint Trojan:EC2/DropPoint!DNS Backdoor:EC2/C&CActivity.B Impact:EC2/MaliciousDomainRequest.Reputation Impact:EC2/SuspiciousDomainRequest.Reputation", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "GuardDuty flags events matching the following finding types that relate to adversaries attempting to communicate using application layer protocols to avoid detection.\nUnauthorizedAccess:EC2/MaliciousIPCaller.Custom Backdoor:EC2/C&CActivity.B Backdoor:EC2/C&CActivity.B!DNS Trojan:EC2/BlackholeTraffic Trojan:EC2/BlackholeTraffic!DNS Trojan:EC2/DropPoint Trojan:EC2/DropPoint!DNS Backdoor:EC2/C&CActivity.B Impact:EC2/MaliciousDomainRequest.Reputation Impact:EC2/SuspiciousDomainRequest.Reputation", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "GuardDuty has the following finding types to flag events where adversaries may dynamically establish connections to command-and-control infrastructure to evade common detections and remediations.\nTrojan:EC2/DGADomainRequest.B Trojan:EC2/DGADomainRequest.C!DNS", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1568"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The UnauthorizedAccess:EC2/TorClient GuardDuty finding type flags events where adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command-and-control server to avoid direct connections to their 
infrastructure.\nDue to the detection being limited to a specific type of proxy, Tor, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1090"}, {"comments": "The UnauthorizedAccess:EC2/TorClient GuardDuty finding type flags events where adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command-and-control server to avoid direct connections to their infrastructure.\nDue to the detection being limited to a specific type of proxy, Tor, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1090"}, {"comments": "The UnauthorizedAccess:EC2/TorClient GuardDuty finding type flags events where adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command-and-control server to avoid direct connections to their infrastructure.\nDue to the detection being limited to a specific type of proxy, Tor, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1090"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal 
factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following GuardDuty finding type flags events where adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel.\nTrojan:EC2/DNSDataExfiltration Behavior:EC2/TrafficVolumeUnusual", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following finding types in GuardDuty flag events where adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command-and-control channel.\nExfiltration:S3/ObjectRead.Unusual Exfiltration:S3/MaliciousIPCaller Exfiltration:IAMUser/AnomalousBehavior Behavior:EC2/TrafficVolumeUnusual", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "The following finding types in GuardDuty flag events where adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command-and-control channel.\nExfiltration:S3/ObjectRead.Unusual Exfiltration:S3/MaliciousIPCaller Exfiltration:IAMUser/AnomalousBehavior Behavior:EC2/TrafficVolumeUnusual", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Partial", "related-score": "T1567"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Impact:S3/MaliciousIPCaller finding type is looking for API calls commonly associated with Impact tactic of techniques where an adversary is trying to manipulate, interrupt, or destroy data within your AWS environment.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1565"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following finding types in GuardDuty flag events where adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.\nBackdoor:EC2/DenialOfService.UdpOnTcpPorts Backdoor:EC2/DenialOfService.UnusualProtocol Backdoor:EC2/DenialOfService.Udp Backdoor:EC2/DenialOfService.Tcp Backdoor:EC2/DenialOfService.Dns", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1498"}, {"comments": "The following finding types in GuardDuty flag events where adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.\nBackdoor:EC2/DenialOfService.UdpOnTcpPorts Backdoor:EC2/DenialOfService.UnusualProtocol Backdoor:EC2/DenialOfService.Udp Backdoor:EC2/DenialOfService.Tcp Backdoor:EC2/DenialOfService.Dns", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1498"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following finding types can be used to detect behavior that can lead to the defacement of\ncloud resources:\nImpact:S3/MaliciousIPCaller\nExfiltration:S3/MaliciousIPCaller\nExfiltration:S3/ObjectRead.Unusual\nPenTest:S3/KaliLinux\nPenTest:S3/ParrotLinux\nPenTest:S3/PentooLinux\nUnauthorizedAccess:S3/MaliciousIPCaller.Custom\nUnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1491"}, {"comments": "The following finding types can be used to detect behavior that can lead to the defacement of\ncloud resources:\nImpact:S3/MaliciousIPCaller\nExfiltration:S3/MaliciousIPCaller\nExfiltration:S3/ObjectRead.Unusual\nPenTest:S3/KaliLinux\nPenTest:S3/ParrotLinux\nPenTest:S3/PentooLinux\nUnauthorizedAccess:S3/MaliciousIPCaller.Custom\nUnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": 
"Detect", "score-value": "Partial", "related-score": "T1491"}, {"comments": "There is not much documentation that lends itself useful to scoring the accuracy of this control although offerings such as Shield Advanced protection groups and the AWS Shield Response Team (SRT) can be leveraged to improve the accuracy of this control. The control states that DDOS attacks can be mitigated in real time (temporal factor) and not increase cause latency for impacted services.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://aws.amazon.com/shield/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc", "https://aws.amazon.com/shield/features/"], "tags": ["Denial of Service", "Network"], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS Shield will set and use a static network flow threshold to detect incoming traffic to AWS services. This will reduce direct network DOS attacks by applying an undisclosed combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real-time. AWS Shield Advance identifies anomalies in network traffic to flag attempted attacks and execute inline mitigations to resolve the issue. ", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1498"}, {"comments": "AWS Shield will set and use a static network flow threshold to detect incoming traffic to AWS services. 
This will reduce direct network DOS attacks by applying an undisclosed combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real-time. AWS Shield Advance identifies anomalies in network traffic to flag attempted attacks and execute inline mitigations to resolve the issue. ", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1498"}, {"comments": "There is not much documentation that lends itself useful to scoring the accuracy of this control although offerings such as Shield Advanced protection groups and the AWS Shield Response Team (SRT) can be leveraged to improve the accuracy of this control. The control states that DDOS attacks can be mitigated in real time (temporal factor) and not increase cause latency for impacted services.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://aws.amazon.com/shield/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc", "https://aws.amazon.com/shield/features/"], "tags": ["Denial of Service", "Network"], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS Shield Standard provides protection and response to these Denial of Service attacks in real time by using a network traffic baseline and identifying anomalies among other techniques. 
", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1499"}, {"comments": "AWS Shield Standard provides protection and response to these Denial of Service attacks in real time by using a network traffic baseline and identifying anomalies among other techniques. ", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1499"}, {"comments": "AWS Shield Advance allows for customized detection and mitigations for custom applications that are running on EC2 instances.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1499"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. 
Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS IoT Device Defender audit checks and corresponding mitigation actions can identify and resolve configuration problems that should be fixed in order to ensure SSL/TLS encryption is enabled and secure to protect network traffic to/from IoT devices: \"CA certificate expiring\" (\"CA_CERTIFICATE_EXPIRING_CHECK\" in the CLI and API), \"CA certificate key quality\" (\"CA_CERTIFICATE_KEY_QUALITY_CHECK\" in the CLI and API), and \"CA certificate revoked but device certificates still 
active\" (\"REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API) can identify problems with certificate authority (CA) certificates being used for signing and support the \"UPDATE_CA_CERTIFICATE\" mitigation action which can resolve them. \"Device certificate expiring\" (\"DEVICE_CERTIFICATE_EXPIRING_CHECK\" in the CLI and API), \"Device certificate key quality\" (\"DEVICE_CERTIFICATE_KEY_QUALITY_CHECK\" in the CLI and API), \"Device certificate shared\" (\"DEVICE_CERTIFICATE_SHARED_CHECK\" in the CLI and API), and \"Revoked device certificate still active\" (\"REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API) can identify problems with IoT devices' certificates and support the \"UPDATE_DEVICE_CERTIFICATE\" and \"ADD_THINGS_TO_THING_GROUP\" mitigation actions which can resolve them.\nCoverage factor is partial for these checks and mitigations, since they are specific to IoT device communication and can only mitigate behavior for adversaries who are unable to decrypt the relevant traffic, resulting in an overall score of Partial.", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1020"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. 
Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. 
Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS 
IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. 
Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. 
Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following AWS IoT Device Defender device-side detection metrics can detect indicators that an adversary may be exfiltrating collected data from compromised AWS IoT devices over a given channel to/from those devices: \"Destination IPs\" (\"aws:destination-ip-addresses\") outside of expected IP address ranges may suggest that a device is communicating with unexpected parties. 
\"Bytes in\" (\"aws:all-bytes-in\"), \"Bytes out\" (\"aws:all-bytes-out\"), \"Packets in\" (\"aws:all-packets-in\"), and \"Packets out\" (\"aws:all-packets-out\") values outside of expected norms may indicate that the device is sending and/or receiving non-standard traffic, which may include exfiltration of stolen data. \"Listening TCP ports\" (\"aws:listening-tcp-ports\"), \"Listening TCP port count\" (\"aws:num-listening-tcp-ports\"), \"Established TCP connections count\" (\"aws:num-established-tcp-connections\"), \"Listening UDP ports\" (\"aws:listening-udp-ports\"), and \"Listening UDP port count\" (\"aws:num-listening-udp-ports\") values outside of expected norms may indicate that devices are communicating via unexpected ports/protocols, which may include exfiltration of data over those ports/protocols.\nCoverage factor is partial, since these metrics are limited to exfiltration from IoT devices, resulting in an overall score of Partial.", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "The following AWS IoT Device Defender device-side detection metrics can detect indicators that an adversary may be exfiltrating collected data from compromised AWS IoT devices over a given channel to/from those devices: \"Destination IPs\" (\"aws:destination-ip-addresses\") outside of expected IP address ranges may suggest that a device is communicating with unexpected parties. 
\"Bytes in\" (\"aws:all-bytes-in\"), \"Bytes out\" (\"aws:all-bytes-out\"), \"Packets in\" (\"aws:all-packets-in\"), and \"Packets out\" (\"aws:all-packets-out\") values outside of expected norms may indicate that the device is sending and/or receiving non-standard traffic, which may include exfiltration of stolen data. \"Listening TCP ports\" (\"aws:listening-tcp-ports\"), \"Listening TCP port count\" (\"aws:num-listening-tcp-ports\"), \"Established TCP connections count\" (\"aws:num-established-tcp-connections\"), \"Listening UDP ports\" (\"aws:listening-udp-ports\"), and \"Listening UDP port count\" (\"aws:num-listening-udp-ports\") values outside of expected norms may indicate that devices are communicating via unexpected ports/protocols, which may include exfiltration of data over those ports/protocols.\nCoverage factor is partial, since these metrics are limited to exfiltration from IoT devices, resulting in an overall score of Partial.", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "The following AWS IoT Device Defender device-side detection metrics can detect indicators that an adversary may be exfiltrating collected data from compromised AWS IoT devices over a given channel to/from those devices: \"Destination IPs\" (\"aws:destination-ip-addresses\") outside of expected IP address ranges may suggest that a device is communicating with unexpected parties. 
\"Bytes in\" (\"aws:all-bytes-in\"), \"Bytes out\" (\"aws:all-bytes-out\"), \"Packets in\" (\"aws:all-packets-in\"), and \"Packets out\" (\"aws:all-packets-out\") values outside of expected norms may indicate that the device is sending and/or receiving non-standard traffic, which may include exfiltration of stolen data. \"Listening TCP ports\" (\"aws:listening-tcp-ports\"), \"Listening TCP port count\" (\"aws:num-listening-tcp-ports\"), \"Established TCP connections count\" (\"aws:num-established-tcp-connections\"), \"Listening UDP ports\" (\"aws:listening-udp-ports\"), and \"Listening UDP port count\" (\"aws:num-listening-udp-ports\") values outside of expected norms may indicate that devices are communicating via unexpected ports/protocols, which may include exfiltration of data over those ports/protocols.\nCoverage factor is partial, since these metrics are limited to exfiltration from IoT devices, resulting in an overall score of Partial.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. 
Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. 
Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device 
Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. 
Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS IoT Device Defender audit checks can identify potentially malicious use of valid cloud credentials by AWS IoT devices, which may indicate that devices have been compromised: \"CA certificate revoked but device certificates still active\" (\"REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API) indicates that device certificates signed using a revoked CA certificate are still active, which may indicate that devices using those certificates are controlled by an adversary if the CA certificate was revoked due to compromise. 
\"Device certificate shared\" (\"DEVICE_CERTIFICATE_SHARED_CHECK\" in the CLI and API), \"Revoked device certificate still active\" (\"REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API), and \"Conflicting MQTT client IDs\" (\"CONFLICTING_CLIENT_IDS_CHECK\" in the CLI and API) can indicate that devices are in use with duplicate certificates and/or IDs and/or certificates that have been revoked due to compromise, all of which suggest that an adversary may be using clones of compromised devices to leverage their access.\nThe following AWS IoT Device Defender cloud-side detection metrics can identify potentially malicious use of valid cloud credentials by IoT devices, which may indicate that devices have been compromised: \"Source IP\" (\"aws:source-ip-address\") values outside of expected IP address ranges may suggest that a device has been stolen. \"Authorization failures\" (\"aws:num-authorization-failures\") counts above a typical threshold may indicate that a compromised device is attempting to use its connection to AWS IoT to access resources for which it does not have access and being denied. 
High counts for \"Disconnects\" (\"aws:num-disconnects\"), especially in conjunction with high counts for \"Connection attempts\" (\"aws:num-connection-attempts\"), which include successful attempts, may indicate that a compromised device is connecting and disconnecting from AWS IoT using the device's associated access.\nCoverage factor is partial for these metrics, checks, and mitigations, since they are specific to use of cloud accounts for AWS IoT access and actions, resulting in an overall score of Partial.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The following AWS IoT Device Defender audit checks and corresponding mitigation actions can identify and in some cases resolve configuration problems that should be fixed in order to limit the potential impact of compromised accounts with access to AWS IoT resources: The \"Authenticated Cognito role overly permissive\" (\"AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK\" in the CLI and API) audit check can identify policies which grant excessive privileges and permissions for AWS IoT actions to Amazon Cognito identity pool roles. The \"Unauthenticated Cognito role overly permissive\" (\"UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK\" in the CLI and API) audit check can identify policies which grant excessive privileges and permissions for AWS IoT actions to Amazon Cognito identity pool roles and do not require authentication, which pose a substantial risk because they can be trivially accessed. 
The \"AWS IoT policies overly permissive\" (\"IOT_POLICY_OVERLY_PERMISSIVE_CHECK\" in the CLI and API) audit check can identify AWS IoT policies which grant excessive privileges and permissions for AWS IoT actions and supports the \"REPLACE_DEFAULT_POLICY_VERSION\" mitigation action which can reduce permissions to limit potential misuse. The \"Role alias allows access to unused services\" (\"IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK\" in the CLI and API) and \"Role alias overly permissive\" (\"IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK\" in the CLI and API) audit checks can identify AWS IoT role aliases which allow connected devices to authenticate using their certificates and obtain short-lived AWS credentials from an associated IAM role which grant permissions and privileges beyond those necessary to the devices' functions and should be fixed in order to prevent further account compromise from compromised devices.\nCoverage factor is partial for these checks and mitigations, since they are specific to use of cloud accounts for AWS IoT access and actions, resulting in an overall score of Partial.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. 
Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. 
Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS IoT Device 
Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. 
Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. 
Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS IoT Device Defender audit checks can identify potentially malicious use of private keys associated with AWS IoT devices, which may indicate that the keys have been taken from compromised devices and repurposed by an adversary: \"Device certificate shared\" (\"DEVICE_CERTIFICATE_SHARED_CHECK\" in the CLI and API) and \"Revoked device certificate still active\" (\"REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API) can indicate that devices are in use with duplicate 
certificates and/or certificates that have been revoked due to compromise, both of which suggest that an adversary may be misusing stolen private keys.\nCoverage factor is partial for these checks and mitigations, since they are specific to use of private keys associated with AWS IoT devices, resulting in an overall score of Partial.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. 
Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. 
Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. 
Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"Logging disabled\" audit check (\"LOGGING_DISABLED_CHECK\" in the CLI and API) can identify potentially malicious changes to AWS IoT logs (both V1 and V2), which should be enabled in Amazon CloudWatch. 
Score is limited to Partial since this control only addresses IoT logging.", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The \"ENABLE_IOT_LOGGING\" mitigation action (which is supported by the \"Logging disabled\" audit check) enables AWS IoT logging if it is not enabled when the check is run, effectively reversing the adversary behavior if those logs were disabled due to malicious changes. Score is limited to Partial since this control only addresses IoT logging.", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": "T1562"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html", "https://aws.amazon.com/organizations/getting-started/best-practices/"], "tags": ["Identity"], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may protect against malicious use of cloud accounts by implementing service control policies that define what actions an account may take. 
If best practices are followed, AWS accounts should only have the least amount of privileges required.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html", "https://aws.amazon.com/organizations/getting-started/best-practices/"], "tags": ["Identity"], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may protect against cloud account discovery by segmenting accounts into separate organizational units and restricting to least privileges between groups. 
", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html", "https://aws.amazon.com/organizations/getting-started/best-practices/"], "tags": ["Identity"], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html", "https://aws.amazon.com/organizations/getting-started/best-practices/"], "tags": ["Identity"], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", 
"https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that data on servers is manipulated, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1565"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that servers are defaced, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1491"}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that servers are defaced, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1491"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that server disks are wiped, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1561"}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that server disks are wiped, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1561"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://aws.amazon.com/kms/", "https://docs.aws.amazon.com/kms/latest/developerguide/overview.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This service provides a more secure alternative to storing encryption keys in the file system. 
As a result of this service only supporting cryptographic keys and not other types of credentials, the coverage score is assessed as Partial resulting in an overall Partial score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This service allows for securely storing encryption keys and enforcing fine-grained access to the keys. The service does not allow anyone access to retrieve plaintext keys from the service.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1552"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://aws.amazon.com/kms/", "https://docs.aws.amazon.com/kms/latest/developerguide/overview.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The encryption key for the certificate can be stored in KMS, reducing its attack surface. 
Score is capped at Partial because adversaries can still misuse keys/certs if KMS and KMS resources are compromised.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "The encryption key for the certificate can be stored in KMS, reducing its attack surface. Score is capped at Partial because adversaries can still misuse keys/certs if KMS and KMS resources are compromised.", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": 
"Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": 
["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can detect security control settings related to authentication and password policies on Linux endpoints. Specific security controls it can assess include \"Disable password authentication over SSH\", \"Configure password maximum age\", \"Configure password minimum length\", and \"Configure password complexity\" all of which impact the ability to brute force a password. This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against brute force attacks. 
Given Amazon Inspector can only assess these security controls on Linux platforms (although it also supports Windows), the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "The Amazon Inspector Best Practices assessment package can detect security control settings related to authentication and password policies on Linux endpoints. Specific security controls it can assess include \"Disable password authentication over SSH\", \"Configure password maximum age\", \"Configure password minimum length\", and \"Configure password complexity\" all of which impact the ability to brute force a password. This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against brute force attacks. Given Amazon Inspector can only assess these security controls on Linux platforms (although it also supports Windows), the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "The Amazon Inspector Best Practices assessment package can detect security control settings related to authentication and password policies on Linux endpoints. Specific security controls it can assess include \"Disable password authentication over SSH\", \"Configure password maximum age\", \"Configure password minimum length\", and \"Configure password complexity\" all of which impact the ability to brute force a password. 
This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against brute force attacks. Given Amazon Inspector can only assess these security controls on Linux platforms (although it also supports Windows), the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "The Amazon Inspector Best Practices assessment package can detect security control settings related to authentication and password policies on Linux endpoints. Specific security controls it can assess include \"Disable password authentication over SSH\", \"Configure password maximum age\", \"Configure password minimum length\", and \"Configure password complexity\" all of which impact the ability to brute force a password. This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against brute force attacks. 
Given Amazon Inspector can only assess these security controls on Linux platforms (although it also supports Windows), the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can detect a security control setting related to remote service access on Linux endpoints. Specifically, \"Disable root login over SSH\". This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against adversaries accessing remote services. 
Given Amazon Inspector can only assess this security control on Linux platforms (although it also supports Windows) and it only restricts access to remote services for one user account, the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this the score is capped at Partial. 
", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1222"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. 
", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. 
", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system 
configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. 
Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.004", "attack-object-name": "File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.005", "attack-object-name": "Network Share Connection Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. 
Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.006", "attack-object-name": "Timestomp", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Furthermore, Amazon Inspector only supports a subset of the sub-techniques for this technique. Due to these things and the fact the security control is only supported for Linux platforms, the score is Minimal. 
", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1599"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. 
", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information 
and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. 
Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": 
""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this, the score is capped at Partial. 
", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1037"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this, the score is capped at Partial. 
", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1543"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The Amazon Inspector Network Reachability assessment package can assess whether or not cloud/network components are vulnerable (e.g., publicly accessible from the Internet). Amazon Inspector does not directly protect cloud/network components rather reports on vulnerabilities that it identifies which can then be used to securely configure the cloud/network components. Due to this, the score is capped at Partial. 
", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The Amazon Inspector Network Reachability assessment package can assess whether or not cloud/network components are vulnerable (e.g., publicly accessible from the Internet). Amazon Inspector does not directly protect cloud/network components rather reports on vulnerabilities that it identifies which can then be used to securely configure the cloud/network components. Due to this, the score is capped at Partial. ", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can prevent the gathering of victim network information via (active) scanning methods but is not effective against other methods of gathering victim network information such as via Phishing or online databases (e.g. WHOIS) resulting in a Partial coverage score and an overall Partial score.", "attack-object-id": "T1590.001", "attack-object-name": "Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "VPC security groups and network access control lists (NACLs) can prevent the gathering of victim network information via (active) scanning methods but is not effective against other methods of gathering victim network information such as via Phishing or online databases (e.g. 
WHOIS) resulting in a Partial coverage score and an overall Partial score.", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "VPC security groups and network access control lists (NACLs) can prevent the gathering of victim network information via (active) scanning methods but is not effective against other methods of gathering victim network information such as via Phishing or online databases (e.g. WHOIS) resulting in a Partial coverage score and an overall Partial score.", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "VPC security groups and network access control lists (NACLs) can prevent the gathering of victim network information via (active) scanning methods but is not effective against other methods of gathering victim network information such as via Phishing or online databases (e.g. WHOIS) resulting in a Partial coverage score and an overall Partial score.", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict inbound traffic that can protect against active scanning techniques such as Scanning IP Blocks and/or Vulnerability Scanning. Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict inbound traffic that can protect against active scanning techniques such as Scanning IP Blocks and/or Vulnerability Scanning. 
Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can protect against this sub-technique by enforcing limited access to only required ports. Consequently, even if the adversary is able to utilize port knocking to open additional ports at the host level, it is still blocked at the security group or NACL level. ", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1205"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can limit access to the minimum required ports and therefore protect against adversaries attempting to exfiltrate data using a different protocol than that of the existing command and control channel. In environments where unrestricted Internet access is required, security groups and NACLs can still be used to block known malicious endpoints. Because in such environments the protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "VPC security groups and network access control lists (NACLs) can limit access to the minimum required ports and therefore protect against adversaries attempting to exfiltrate data using a different protocol than that of the existing command and control channel. 
In environments where unrestricted Internet access is required, security groups and NACLs can still be used to block known malicious endpoints. Because in such environments the protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "VPC security groups and network access control lists (NACLs) can limit access to the minimum required ports and therefore protect against adversaries attempting to exfiltrate data using a different protocol than that of the existing command and control channel. In environments where unrestricted Internet access is required, security groups and NACLs can still be used to block known malicious endpoints. Because in such environments the protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1557"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1557"}, {"comments": "The mappings contained in this file were 
based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1565"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Can limit access to client management interfaces or configuration databases.", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "Can limit access to client management interfaces or configuration databases.", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict clients to connecting (and therefore booting) from only trusted network resources.", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. 
This results in an overall partial (coverage) score.", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. 
This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict access to endpoints but will prove effective at mitigating only low-end DOS attacks resulting in a Minimal score.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict access to endpoints but will prove effective at mitigating only low-end DOS attacks 
resulting in a Minimal score.", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict access to endpoints but will prove effective at mitigating only low-end DOS attacks resulting in a Minimal score.", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "VPC security groups and network access control lists (NACLs) can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "VPC security groups and network access control lists (NACLs) can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", 
"related-score": "T1090"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html", "https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-compromised-credentials.html", "https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html"], "tags": ["Identity"], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Amazon Cognito has the ability to alert and block accounts where credentials were found to be compromised elsewhere (compromised credential protection). The service also detects unusual sign-in activity, such as sign-in attempts from new locations and devices and can either prompt users for additional verification or block the sign-in request. 
There was insufficient detail on the operation of these capabilities and therefore a conservative assessment of a Partial score has been assigned.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html", "https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-compromised-credentials.html", "https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html"], "tags": ["Identity"], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", 
"related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], 
"mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The AWS WAF protects web applications from injection attacks that leverage command and scripting interpreters. 
AWS WAF provides this protection via the following rule sets that block malicious traffic across a variety of operating systems and applications.\nAWSManagedRulesCommonRuleSet AWSManagedRulesSQLiRuleSet AWSManagedRulesUnixRuleSet AWSManagedRulesWindowsRuleSet AWSManagedRulesPHPRuleSet AWSManagedRulesWordPressRuleSet\nThis is given a score of Significant because it provides protections for PowerShell, Unix, and JavaScript command and scripting interpreters by blocking the malicious content in near real-time.", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "The AWS WAF protects web applications from injection attacks that leverage command and scripting interpreters. AWS WAF provides this protection via the following rule sets that block malicious traffic across a variety of operating systems and applications.\nAWSManagedRulesCommonRuleSet AWSManagedRulesSQLiRuleSet AWSManagedRulesUnixRuleSet AWSManagedRulesWindowsRuleSet AWSManagedRulesPHPRuleSet AWSManagedRulesWordPressRuleSet\nThis is given a score of Significant because it provides protections for PowerShell, Unix, and JavaScript command and scripting interpreters by blocking the malicious content in near real-time.", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "The AWS WAF protects web applications from injection attacks that leverage command and scripting interpreters. 
AWS WAF provides this protection via the following rule sets that block malicious traffic across a variety of operating systems and applications.\nAWSManagedRulesCommonRuleSet AWSManagedRulesSQLiRuleSet AWSManagedRulesUnixRuleSet AWSManagedRulesWindowsRuleSet AWSManagedRulesPHPRuleSet AWSManagedRulesWordPressRuleSet\nThis is given a score of Significant because it provides protections for PowerShell, Unix, and JavaScript command and scripting interpreters by blocking the malicious content in near real-time.", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The AWS WAF protects web applications from access by adversaries that leverage tools that obscure their identity (e.g., VPN, proxies, Tor, hosting providers). AWS WAF provides this protection via the following rule set that blocks incoming traffic from IP addresses known to anonymize connection information or be less likely to source end user traffic.\nAWSManagedRulesAnonymousIpList\nThis is given a score of Partial because it provide protections for only a subset of the sub-techniques (2 out of 4) and is based only on known IP addresses. 
Furthermore, it blocks the malicious content in near real-time.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "The AWS WAF protects web applications from access by adversaries that leverage tools that obscure their identity (e.g., VPN, proxies, Tor, hosting providers). AWS WAF provides this protection via the following rule set that blocks incoming traffic from IP addresses known to anonymize connection information or be less likely to source end user traffic.\nAWSManagedRulesAnonymousIpList\nThis is given a score of Partial because it provide protections for only a subset of the sub-techniques (2 out of 4) and is based only on known IP addresses. Furthermore, it blocks the malicious content in near real-time.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS WAF protects against bots that run scans against web applications such as Nessus (vulnerability assessments) and 
Nmap (IP address and port scans) among others. AWS WAF does this by blocking malicious traffic that indicate bad bots such as those listed above (e.g., via User-Agent values). AWS WAF uses the following rule sets to provide this protection.\nAWSManagedRulesCommonRuleSet AWSManagedRulesBotControlRuleSet\nThis is scored as Partial because the rule sets, while they block malicious traffic in near real-time, only protect web applications against scans performed by bots.", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "AWS WAF protects against bots that run scans against web applications such as Nessus (vulnerability assessments) and Nmap (IP address and port scans) among others. AWS WAF does this by blocking malicious traffic that indicate bad bots such as those listed above (e.g., via User-Agent values). 
AWS WAF uses the following rule sets to provide this protection.\nAWSManagedRulesCommonRuleSet AWSManagedRulesBotControlRuleSet\nThis is scored as Partial because the rule sets, while they block malicious traffic in near real-time, only protect web applications against scans performed by bots.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS WAF protects against this by inspecting incoming requests and blocking malicious traffic. 
AWS WAF uses the following rule sets to provide this protection.\nAWSManagedRulesCommonRuleSet AWSManagedRulesAdminProtectionRuleSet AWSManagedRulesKnownBadInputsRuleSet AWSManagedRulesSQLiRuleSet AWSManagedRulesLinuxRuleSet AWSManagedRulesUnixRuleSet AWSManagedRulesWindowsRuleSet AWSManagedRulesPHPRuleSet AWSManagedRulesWordPressRuleSet AWSManagedRulesBotControlRuleSet\nThis is scored as Minimal because the rule sets only protect against the web protocols sub-technique.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html"], "tags": ["Metrics"], "mapping-description": "", "capability-id": "AWS CloudWatch", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html"], "tags": ["Metrics"], "mapping-description": "", "capability-id": "AWS CloudWatch", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html"], "tags": ["Metrics"], "mapping-description": "", "capability-id": "AWS CloudWatch", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports 
on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). 
Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1592", "attack-object-name": "Gather Victim Host Information", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1592.001", "attack-object-name": "Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1592"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. 
AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1592.002", "attack-object-name": "Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1592"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1592.003", "attack-object-name": "Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1592"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1592.004", "attack-object-name": "Client Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1592"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. 
AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1589.001", "attack-object-name": "Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1589"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1589.002", "attack-object-name": "Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1589"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1589.003", "attack-object-name": "Employee Names", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1589"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. 
AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1590.001", "attack-object-name": "Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1590.002", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1590.003", "attack-object-name": "Network Trust Dependencies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. 
It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1591", "attack-object-name": "Gather Victim Org Information", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1591.001", "attack-object-name": "Determine Physical Locations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1591"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1591.002", "attack-object-name": "Business Relationships", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1591"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1591.003", "attack-object-name": "Identify Business Tempo", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1591"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1591.004", "attack-object-name": "Identify Roles", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1591"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). 
It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects suspicious activity by AWS accounts which could indicate valid accounts being leveraged by an adversary. AWS Security Hub provides these detections with the following managed insights.\nAWS principals with suspicious access key activity Credentials that may have leaked AWS resources with unauthorized access attempts IAM users with suspicious activity\nAWS Security Hub also performs checks from the AWS Foundations CIS Benchmark and PCI-DSS security standard that, if implemented, would help towards detecting the misuse of valid accounts. 
AWS Security Hub provides these detections with the following checks.\n3.1 Ensure a log metric filter and alarm exist for unauthorized API calls 3.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA 3.3 Ensure a log metric filter and alarm exist for usage of \"root\" account 3.4 Ensure a log metric filter and alarm exist for IAM policy changes 3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures [PCI.CW.1] A log metric filter and alarm should exist for usage of the \"root\" user\nBy monitoring the root account, activity where accounts make unauthorized API calls, and changes to IAM permissions among other things, it may be possible to detect valid accounts that are being misused and are potentially compromised.\nThis is scored as Significant because it reports on suspicious activity by AWS accounts. ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. 
The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. 
\n", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). 
It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. 
It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. 
When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. 
The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub performs a check from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting the manipulation of accounts. AWS Security Hub provides this detection with the following check.\n3.4 Ensure a log metric filter and alarm exist for IAM policy changes \nThis is scored as Significant because it can monitor all changes to IAM policy which can be used to detect any changes made to accounts. ", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1098"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). 
Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Security Hub performs checks from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting changes to key AWS services. AWS Security Hub provides these detections with the following checks.\n3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes 3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes 3.10 Ensure a log metric filter and alarm exist for security group changes 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 3.12 Ensure a log metric filter and alarm exist for changes to network gateways 3.13 Ensure a log metric filter and alarm exist for route table changes 3.14 Ensure a log metric filter and alarm exist for VPC changes\nThis is scored as Significant because it can detect when changes are made to key AWS services (e.g., CloudTrail, Config, etc.) such as when they stop logging or other configuration changes are made. 
", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "AWS Security Hub performs checks from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting changes to key AWS services. AWS Security Hub provides these detections with the following checks.\n3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes 3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes 3.10 Ensure a log metric filter and alarm exist for security group changes 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 3.12 Ensure a log metric filter and alarm exist for changes to network gateways 3.13 Ensure a log metric filter and alarm exist for route table changes 3.14 Ensure a log metric filter and alarm exist for VPC changes\nThis is scored as Significant because it can detect when changes are made to key AWS services (e.g., CloudTrail, Config, etc.) such as when they stop logging or other configuration changes are made. ", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "AWS Security Hub performs checks from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting changes to key AWS services. 
AWS Security Hub provides these detections with the following checks.\n3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes 3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes 3.10 Ensure a log metric filter and alarm exist for security group changes 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 3.12 Ensure a log metric filter and alarm exist for changes to network gateways 3.13 Ensure a log metric filter and alarm exist for route table changes 3.14 Ensure a log metric filter and alarm exist for VPC changes\nThis is scored as Significant because it can detect when changes are made to key AWS services (e.g., CloudTrail, Config, etc.) such as when they stop logging or other configuration changes are made. ", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. 
It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub performs a check from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting the brute forcing of accounts. AWS Security Hub provides this detection with the following checks.\n3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures\nThis is scored as Minimal because it only applies to the AWS Management Console and not other access mechanisms (e.g., CLI, SDK, etc.). Furthermore, it does not detect brute-forcing methods for other components such as EC2 instances. ", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "AWS Security Hub performs a check from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting the brute forcing of accounts. AWS Security Hub provides this detection with the following checks.\n3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures\nThis is scored as Minimal because it only applies to the AWS Management Console and not other access mechanisms (e.g., CLI, SDK, etc.). Furthermore, it does not detect brute-forcing methods for other components such as EC2 instances. 
", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "AWS Security Hub performs a check from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting the brute forcing of accounts. AWS Security Hub provides this detection with the following checks.\n3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures\nThis is scored as Minimal because it only applies to the AWS Management Console and not other access mechanisms (e.g., CLI, SDK, etc.). Furthermore, it does not detect brute-forcing methods for other components such as EC2 instances. ", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. 
It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may mitigate the impact of compromised valid accounts by enabling fine-grained access policies and implementing least-privilege policies. 
MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The Access Analyzer tool may detect when an external entity has been granted access to cloud resources through use of access policies. This tool will scan upon any change to access policies or periodically within 24 hours.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Access Analyzer tool may detect when an external entity has been granted access to cloud resources through use of access policies. 
This tool will scan upon any change to access policies or periodically within 24 hours.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may mitigate against application access token theft if the application is configured to retrieve temporary security credentials using an IAM role. This recommendation is a best practice for IAM but must be explicitly implemented by the application developer. ", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1550"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. 
These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. 
These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html", "https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html", "https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html", 
"https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html", "https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may prevent harvesting of unsecured credentials by removing credentials and secrets from applications and configuration files and requiring authenticated API calls to retrieve those credentials and secrets. This control is relevant for credentials stored in applications or configuration files but not credentials entered directly by a user.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This control may prevent harvesting of unsecured credentials by removing credentials and secrets from applications and configuration files and requiring authenticated API calls to retrieve those credentials and secrets. 
This control is relevant for credentials stored in applications or configuration files but not credentials entered directly by a user.", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This control may prevent harvesting of unsecured credentials by removing credentials and secrets from applications and configuration files and requiring authenticated API calls to retrieve those credentials and secrets. This control is relevant for credentials stored in applications or configuration files but not credentials entered directly by a user.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block malicious or unwanted traffic leveraging application layer protocols. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block malicious or unwanted traffic leveraging application layer protocols. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block malicious or unwanted traffic leveraging application layer protocols. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block malicious or unwanted traffic leveraging application layer protocols. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from carrying out denial of service attacks by implementing restrictions on which IP addresses and domains can access the resources (e.g., allow lists) as well as which protocol traffic is permitted. That is, the AWS Network Firewall could block the source of the denial of service attack. This mapping is given a score of Partial because the source of the attack would have to be known before rules could be put in place to protect against it. 
", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from carrying out denial of service attacks by implementing restrictions on which IP addresses and domains can access the resources (e.g., allow lists) as well as which protocol traffic is permitted. That is, the AWS Network Firewall could block the source of the denial of service attack. This mapping is given a score of Partial because the source of the attack would have to be known before rules could be put in place to protect against it. ", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from carrying out denial of service attacks by implementing restrictions on which IP addresses and domains can access the resources (e.g., allow lists) as well as which protocol traffic is permitted. That is, the AWS Network Firewall could block the source of the denial of service attack. This mapping is given a score of Partial because the source of the attack would have to be known before rules could be put in place to protect against it. 
", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from accessing resources from which to exfiltrate data as well as prevent resources from communicating with known-bad IP addresses and domains that might be used to receive exfiltrated data. This mapping is given a score of Partial because the known-bad IP addresses and domains would need to be known in advance and AWS Network Firewall wouldn't have deep packet inspection visibility into encrypted non-C2 protocols. ", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. 
This functionality can be used to block adversaries from accessing resources from which to exfiltrate data as well as prevent resources from communicating with known-bad IP addresses and domains that might be used to receive exfiltrated data. This mapping is given a score of Partial because the known-bad IP addresses and domains would need to be known in advance and AWS Network Firewall wouldn't have deep packet inspection visibility into encrypted non-C2 protocols. ", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from accessing resources from which to exfiltrate data as well as prevent resources from communicating with known-bad IP addresses and domains that might be used to receive exfiltrated data. This mapping is given a score of Partial because the known-bad IP addresses and domains would need to be known in advance and AWS Network Firewall wouldn't have deep packet inspection visibility into encrypted non-C2 protocols. 
", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block the sources of smaller-scale network denial of service attacks. This mapping is given a score of Minimal because often times it is necessary to block the traffic at an Internet Service Provider or Content Provider Network level. 
", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1498"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block the sources of smaller-scale network denial of service attacks. This mapping is given a score of Minimal because often times it is necessary to block the traffic at an Internet Service Provider or Content Provider Network level. ", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1498"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": 
["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block traffic from known bad IP addresses and to known bad domains that serve as proxies for adversaries. This mapping is given a score of partial because it only blocks known bad IP addresses and domains and does not protect against unknown ones.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block traffic from known bad IP addresses and to known bad domains that serve as proxies for adversaries. 
This mapping is given a score of partial because it only blocks known bad IP addresses and domains and does not protect against unknown ones.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). 
This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). 
This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). 
This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block traffic to unused ports from reaching hosts on the network which may help protect against port knocking from external systems. 
This mapping is given a score of partial because the AWS Network Firewall does not do anything to protect against port knocking among hosts within the network and behind the firewall.", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1205"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS 
Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against active scanning. This mapping is given a score of Partial because it only protects against active scanning attacks that originate from outside the firewall and not from within network protected by the firewall. ", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against active scanning. This mapping is given a score of Partial because it only protects against active scanning attacks that originate from outside the firewall and not from within network protected by the firewall. 
", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block traffic over known TFTP ports. 
This mapping is given a score of Partial because AWS Network Firewall does not do anything to protect against TFTP booting among hosts within the network and behind the firewall.", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", 
"capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against adversaries gathering information about the network. This mapping is given a score of Partial because it only protects against attempts to gather information via scanning that originate from outside the firewall and it does not protect against phishing. ", "attack-object-id": "T1590.001", "attack-object-name": "Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against adversaries gathering information about the network. This mapping is given a score of Partial because it only protects against attempts to gather information via scanning that originate from outside the firewall and it does not protect against phishing. 
", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against adversaries gathering information about the network. This mapping is given a score of Partial because it only protects against attempts to gather information via scanning that originate from outside the firewall and it does not protect against phishing. ", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against adversaries gathering information about the network. This mapping is given a score of Partial because it only protects against attempts to gather information via scanning that originate from outside the firewall and it does not protect against phishing. 
", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may protect against malicious use of valid accounts by implementing fine grained and least privilege access through use of permission sets (a collection of administrator-defined policies that AWS SSO uses to determine a user's effective permissions to access a given AWS account). The ability to reduce the set of credentials and accounts needed for a user allows for simpler and safer access and privilege management.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control may protect against malicious use of valid accounts by implementing fine grained and least privilege access through use of permission sets (a collection of administrator-defined policies that AWS SSO uses to determine a user's effective permissions to access a given AWS account). 
The ability to reduce the set of credentials and accounts needed for a user allows for simpler and safer access and privilege management.", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may protect against brute force techniques by enabling multi-factor authentication. All accounts that can be replace with single sign-on can benefit from a unified multi-factor authentication requirement.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may protect against brute force techniques by enabling multi-factor authentication. 
All accounts that can be replace with single sign-on can benefit from a unified multi-factor authentication requirement.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may protect against brute force techniques by enabling multi-factor authentication. All accounts that can be replace with single sign-on can benefit from a unified multi-factor authentication requirement.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://aws.amazon.com/cloudhsm/", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This service provides a more secure alternative to storing encryption keys in the file system. 
As a result of this service only supporting cryptographic keys and not other types of credentials, the coverage score is assessed as Partial resulting in an overall Partial score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This service allows for securely storing encryption keys and enforcing fine-grained access to the keys. The service does not allow anyone access to retrieve plaintext keys from the service.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1552"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://aws.amazon.com/cloudhsm/", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Certificate credentials can be stored in AWS CloudHSM which reduces the attack surface and threat from these sub-techniques.", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "Certificate credentials can be stored in AWS CloudHSM which reduces the attack surface and threat from these 
sub-techniques.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://aws.amazon.com/cloudhsm/", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Use cases in documentation show that certificate credentials can be stored in AWS CloudHSM which reduces the attack surface and threat from these sub-techniques.", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "Use cases in documentation show that certificate credentials can be stored in AWS CloudHSM which reduces the attack surface and threat from these sub-techniques.", "attack-object-id": "T1553.002", "attack-object-name": "Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1553"}]} \ No newline at end of file +{"metadata": {"mapping-version": 1, "attack-version": 9, "technology-domain": "enterprise", "author": "", "contact": "ctid@mitre-engenuity.org", "creation-date": "07/22/2021", "last-update": "", "organization": "", "mapping-framework": "AWS", 
"mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS RDS supports the encryption of database instances using the AES-256 encryption algorithm. This can protect database instances from being modified at rest. Furthermore, AWS RDS supports TLS/SSL connections which protect data from being modified during transit. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1565"}, {"comments": "AWS RDS supports the replication and recovery of database instances. In the event that data is manipulated, AWS RDS can be used to restore the database instance to a previous point in time. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1565"}, {"comments": "AWS RDS supports the encryption of database instances using the AES-256 encryption algorithm. This can protect database instances from being modified at rest. Furthermore, AWS RDS supports TLS/SSL connections which protect data from being modified during transit. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1565"}, {"comments": "AWS RDS supports the replication and recovery of database instances. In the event that data is manipulated, AWS RDS can be used to restore the database instance to a previous point in time. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1565"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": 
["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS 
RDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS RDS supports the replication and recovery of database instances. In the event that a database instance is deleted during a disk wipe, AWS RDS can be used to restore the database instance to a previous point in time. However, this mapping is only given a score of Partial because AWS RDS only provides a backup of the database instance and not the underlying system that it is hosted on.", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": "T1561"}, {"comments": "AWS RDS supports the replication and recovery of database instances. In the event that a database instance is deleted during a disk wipe, AWS RDS can be used to restore the database instance to a previous point in time. 
However, this mapping is only given a score of Partial because AWS RDS only provides a backup of the database instance and not the underlying system that it is hosted on.", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": "T1561"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": ["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"], "tags": ["Database"], "mapping-description": "", "capability-id": "AWS RDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1020", "attack-object-name": 
"Automated Exfiltration", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure SSL/TLS encryption is enabled to protect network traffic: \"acm-certificate-expiration-check\" for nearly expired certificates in AWS Certificate Manager (ACM); \"alb-http-to-https-redirection-check\" for Application Load Balancer (ALB) HTTP listeners; \"api-gw-ssl-enabled\" for API Gateway REST API stages; \"cloudfront-custom-ssl-certificate\", \"cloudfront-sni-enabled\", and \"cloudfront-viewer-policy-https\", for Amazon CloudFront distributions; \"elb-acm-certificate-required\", \"elb-custom-security-policy-ssl-check\", \"elb-predefined-security-policy-ssl-check\", and \"elb-tls-https-listeners-only\" for Elastic Load Balancing (ELB) Classic Load Balancer listeners; \"redshift-require-tls-ssl\" for Amazon Redshift cluster connections to SQL clients; \"s3-bucket-ssl-requests-only\" for requests for S3 bucket contents; and \"elasticsearch-node-to-node-encryption-check\" for Amazon ElasticSearch Service node-to-node communications.\nAll of these are run on configuration changes except \"alb-http-to-https-redirection-check\", which is run periodically. 
Coverage factor is partial for these rules, since they are specific to a subset of the available AWS services and can only mitigate behavior for adversaries who are unable to decrypt the relevant traffic, resulting in an overall score of Partial.", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1020"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", 
"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"eks-endpoint-no-public-access\" managed rule can identify whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoints are misconfigured to allow public endpoint access, which should be fixed in order to prevent malicious external access to the Kubernetes API server, including malicious attempts to create or modify orchestration jobs. It is run periodically and only provides partial coverage because it is specific to public access, resulting in an overall score of Partial.", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules 
provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can provide protection against attempted misuse of cloud accounts: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\". All of these controls are run periodically.\nThe following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure that appropriate AWS Identity and Access Management (IAM) policies are in place to enforce fine-grained access policies and mitigate the impact of compromised valid accounts: \"iam-customer-policy-blocked-kms-actions\", \"iam-inline-policy-blocked-kms-actions\", \"iam-no-inline-policy-check\", \"iam-group-has-users-check\", \"iam-policy-blacklisted-check\", \"iam-policy-no-statements-with-admin-access\", \"iam-policy-no-statements-with-full-access\", \"iam-role-managed-policy-check\", \"iam-user-group-membership-check\", \"iam-user-no-policies-check\", and \"ec2-instance-profile-attached\" are run on configuration changes. 
\"iam-password-policy\", \"iam-policy-in-use\", \"iam-root-access-key-check\", \"iam-user-mfa-enabled\", \"iam-user-unused-credentials-check\", and \"mfa-enabled-for-iam-console-access\" are run periodically. The \"access-keys-rotated\" managed rule ensures that IAM access keys are rotated at an appropriate rate.\nGiven that these rules provide robust coverage for a variety of IAM configuration problems and most are evaluated on configuration changes, they result in an overall score of Significant.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can provide protection against attempted manipulation of cloud accounts: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", 
and \"root-account-mfa-enabled\". All of these controls are run periodically and provide partial coverage, since adversaries may be able to manipulate cloud credentials via other mechanisms, resulting in an overall score of Partial.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can significantly impede brute force authentication attempts by requiring adversaries to provide a second form of authentication even if they succeed in brute forcing a password via one of these sub-techniques: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\".\nThe \"iam-password-policy\" managed rule can identify insufficient password requirements that 
should be fixed in order to make brute force authentication more difficult by increasing the complexity of user passwords and decreasing the amount of time before they are rotated, giving adversaries less time to brute force passwords and making it more time consuming and resource intensive to do so. This is especially important in the case of Password Cracking, since adversaries in possession of password hashes may be able to recover usable credentials more quickly and do so without generating detectable noise via invalid login attempts.\nAll of these controls are run periodically, but implemented policies are enforced continuously once set and coverage factor is significant, resulting in an overall score of Significant.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can significantly impede brute force authentication attempts by requiring adversaries to provide a second form of authentication even if they succeed in brute forcing a password via one of these sub-techniques: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\".\nThe \"iam-password-policy\" managed rule can identify insufficient password requirements that should be fixed in order to make brute force authentication more difficult by increasing the complexity of user passwords and decreasing the amount of time before they are rotated, giving adversaries less time to brute force passwords and making it more time consuming and resource intensive to do so. 
This is especially important in the case of Password Cracking, since adversaries in possession of password hashes may be able to recover usable credentials more quickly and do so without generating detectable noise via invalid login attempts.\nAll of these controls are run periodically, but implemented policies are enforced continuously once set and coverage factor is significant, resulting in an overall score of Significant.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can significantly impede brute force authentication attempts by requiring adversaries to provide a second form of authentication even if they succeed in brute forcing a password via one of these sub-techniques: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\".\nThe \"iam-password-policy\" managed rule can identify insufficient password requirements that should be fixed in order to make brute force authentication more difficult by increasing the complexity of user passwords and decreasing the amount of time before they are rotated, giving adversaries less time to brute force passwords and making it more time consuming and resource intensive to do so. 
This is especially important in the case of Password Cracking, since adversaries in possession of password hashes may be able to recover usable credentials more quickly and do so without generating detectable noise via invalid login attempts.\nAll of these controls are run periodically, but implemented policies are enforced continuously once set and coverage factor is significant, resulting in an overall score of Significant.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can significantly impede brute force authentication attempts by requiring adversaries to provide a second form of authentication even if they succeed in brute forcing a password via one of these sub-techniques: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\".\nThe \"iam-password-policy\" managed rule can identify insufficient password requirements that should be fixed in order to make brute force authentication more difficult by increasing the complexity of user passwords and decreasing the amount of time before they are rotated, giving adversaries less time to brute force passwords and making it more time consuming and resource intensive to do so. 
This is especially important in the case of Password Cracking, since adversaries in possession of password hashes may be able to recover usable credentials more quickly and do so without generating detectable noise via invalid login attempts.\nAll of these controls are run periodically, but implemented policies are enforced continuously once set and coverage factor is significant, resulting in an overall score of Significant.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1136", "attack-object-name": "Create 
Account", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure multi-factor authentication (MFA) is enabled properly, which can provide significant protection against attempted manipulation of cloud accounts, including the creation of new ones: \"iam-user-mfa-enabled\", \"mfa-enabled-for-iam-console-access\", \"root-account-hardware-mfa-enabled\", and \"root-account-mfa-enabled\". All of these controls are run periodically and provide partial coverage, since adversaries may be able to create cloud credentials via other mechanisms, resulting in an overall score of Partial.", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], 
"tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined 
rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1204", 
"attack-object-name": "User Execution", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify running instances that are not using AMIs within a specified allow list: \"approved-amis-by-id\" and \"approved-amis-by-tag\", both of which are run on configuration changes. They provide significant coverage, resulting in an overall score of Significant.", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1204"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS 
Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to prevent malicious write access to data within Amazon Simple Storage Service (S3) storage, which may include internal and/or external defacement: \"s3-bucket-blacklisted-actions-prohibited\" checks whether bucket policies prohibit disallowed actions (including encryption configuration changes) for principals from other AWS 
accounts, \"s3-bucket-default-lock-enabled\" checks whether a bucket that should be locked in write-once-read-many (WORM) mode is configured to prevent modification, and \"s3-bucket-public-write-prohibited\" checks whether a bucket is configured to allow public access and modification. All of these controls are run on configuration changes.\nThe following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure backups and redundancy are in place which can mitigate the effects of malicious defacement: \"aurora-mysql-backtracking-enabled\" for data in Aurora MySQL; \"db-instance-backup-enabled\" and \"rds-in-backup-plan\" for Amazon Relational Database Service (RDS) data; \"dynamodb-in-backup-plan\" and \"dynamodb-pitr-enabled\" for Amazon DynamoDB table contents; \"ebs-in-backup-plan\" for Elastic Block Store (EBS) volumes; \"efs-in-backup-plan\" for Amazon Elastic File System (EFS) file systems; \"elasticache-redis-cluster-automatic-backup-check\" for Amazon ElastiCache Redis cluster data; \"redshift-backup-enabled\" and \"redshift-cluster-maintenancesettings-check\" for Redshift; \"s3-bucket-replication-enabled\" and \"s3-bucket-versioning-enabled\" for S3 storage; and \"cloudfront-origin-failover-enabled\" for CloudFront.\nCoverage factor is significant for these rules, since they cover a wide range of services used to host content for websites within AWS, resulting in an overall score of Significant.", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1491"}, {"comments": "The following AWS Config managed rules can identify configuration problems that should be fixed in order to prevent malicious write access to data within Amazon Simple Storage Service (S3) storage, which may include 
internal and/or external defacement: \"s3-bucket-blacklisted-actions-prohibited\" checks whether bucket policies prohibit disallowed actions (including encryption configuration changes) for principals from other AWS accounts, \"s3-bucket-default-lock-enabled\" checks whether a bucket that should be locked in write-once-read-many (WORM) mode is configured to prevent modification, and \"s3-bucket-public-write-prohibited\" checks whether a bucket is configured to allow public access and modification. All of these controls are run on configuration changes.\nThe following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure backups and redundancy are in place which can mitigate the effects of malicious defacement: \"aurora-mysql-backtracking-enabled\" for data in Aurora MySQL; \"db-instance-backup-enabled\" and \"rds-in-backup-plan\" for Amazon Relational Database Service (RDS) data; \"dynamodb-in-backup-plan\" and \"dynamodb-pitr-enabled\" for Amazon DynamoDB table contents; \"ebs-in-backup-plan\" for Elastic Block Store (EBS) volumes; \"efs-in-backup-plan\" for Amazon Elastic File System (EFS) file systems; \"elasticache-redis-cluster-automatic-backup-check\" for Amazon ElastiCache Redis cluster data; \"redshift-backup-enabled\" and \"redshift-cluster-maintenancesettings-check\" for Redshift; \"s3-bucket-replication-enabled\" and \"s3-bucket-versioning-enabled\" for S3 storage; and \"cloudfront-origin-failover-enabled\" for CloudFront.\nCoverage factor is significant for these rules, since they cover a wide range of services used to host content for websites within AWS, resulting in an overall score of Significant.", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1491"}, {"comments": 
"Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. 
\"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1498"}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. \"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1498"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", 
"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. \"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. 
\"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. \"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "The \"elb-cross-zone-load-balancing-enabled\" managed rule can verify that load balancing is properly configured, which can mitigate adversaries' ability to perform Denial of Service (DoS) attacks and impact resource availability. 
\"cloudfront-origin-failover-enabled\" can verify that failover policies are in place to increase CloudFront content availability.\nCoverage factor is minimal for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Minimal.", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", 
"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The following 
AWS Config managed rules can identify configuration problems that should be fixed in order to prevent malicious access of data within Amazon Simple Storage Service (S3) storage, which may include files containing credentials: \"s3-account-level-public-access-blocks\", \"s3-bucket-level-public-access-prohibited\", \"s3-bucket-public-read-prohibited\", \"s3-bucket-policy-not-more-permissive\", \"cloudfront-origin-access-identity-enabled\", and \"cloudfront-default-root-object-configured\" identify objects that are publicly available or subject to overly permissive access policies; and \"s3-bucket-policy-grantee-check\" checks whether bucket policies appropriately control which AWS principals, federated users, service principals, IP addresses, and VPCs have access. All of these controls are run on configuration changes.\nThe following AWS Config managed rules can identify configuration problems that should be fixed in order to ensure that cloud storage data - which may include files containing credentials - are encrypted to prevent malicious access: \"s3-bucket-server-side-encryption-enabled\" and \"s3-default-encryption-kms\" for S3 storage, \"ec2-ebs-encryption-by-default\" and \"encrypted-volumes\" for EBS volumes.\nCoverage factor is partial for these rules, since they are specific to a subset of the available AWS services, resulting in an overall score of Partial.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "The \"ec2-imdsv2-check\" managed rule can identify instances which are configured to use the outdated Instance Metadata Service Version 1 (IMDSv1), which is less secure than IMDSv2. 
This provides partial coverage, since adversaries may find ways to exploit the more secure IMDSv2, resulting in an overall score of Partial.", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "The \"eks-endpoint-no-public-access\" managed rule can identify whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoints are misconfigured to allow public endpoint access, which should be fixed in order to prevent malicious external access to the Kubernetes API server, including malicious attempts to gather credentials via the API. The \"eks-secrets-encrypted\" managed rule can identify configuration problems that should be fixed in order to ensure that Kubernetes secrets (including those containing credentials) are encrypted to prevent malicious access. 
Both controls are run periodically and only provide partial coverage because they are specific to public access and adversaries without the ability to decrypt secrets, respectively, resulting in an overall score of Partial.", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], 
"tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"ec2-managedinstance-applications-required\" managed rule verifies that all applications in a pre-defined list of requirements are installed on specified managed instances, and is run on configuration changes. It will not detect modification to those applications, but will detect if they are uninstalled. The \"ec2-managedinstance-applications-blacklisted\" managed rule verifies that a pre-defined list of applications are not installed on specified managed instances, and can be used to detect installation of applications below a minimum version, which can identify adversary attempts to downgrade required tools to insecure or ineffective older versions. Given the host-based scoping of this technique, coverage is partial, resulting in an overall score of Partial.", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The following AWS Config managed rules can identify potentially malicious changes to cloud firewall status and ensure that a WAF is enabled and enforcing specified ACLs: \"lab-waf-enabled\" for Application Load Balancers; \"api-gw-associated-with-waf\" for Amazon API Gateway API stages; \"cloudfront-associated-with-waf\" for Amazon CloudFront distributions; \"fms-webacl-resource-policy-check\", \"fms-webacl-resource-policy-check\", and \"fms-webacl-rulegroup-association-check\" for AWS Firewall Manager; \"vpc-default-security-group-closed\", \"vpc-network-acl-unused-check\", and \"vpc-sg-open-only-to-authorized-ports\" for VPC security groups; and \"ec2-security-group-attached-to-eni\" for EC2 and ENI security 
groups; all of which are run on configuration changes.\nThe following AWS Config managed rules can identify specific configuration changes to VPC configuration that may suggest malicious modification to bypass protections: \"internet-gateway-authorized-vpc-only\" can identify Internet gateways (IGWs) attached to unauthorized VPCs, which can allow unwanted communication between a VPC and the Internet; \"lambda-inside-vpc\" can identify VPCs that have granted execution access to unauthorized Lambda functions; \"service-vpc-endpoint-enabled\" can verify that endpoints are active for the appropriate services across VPCs; \"subnet-auto-assign-public-ip-disabled\" checks for public IP addresses assigned to subnets within VPCs.\nCoverage factor is significant for these rules, since they cover firewall configuration for and via a wide range of services, resulting in an overall score of Significant.", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "The following AWS Config managed rules can identify potentially malicious changes to cloud logging: \"api-gw-execution-logging-enabled\", \"cloudfront-accesslogs-enabled\", \"elasticsearch-logs-to-cloudwatch\", \"elb-logging-enabled\", \"redshift-cluster-configuration-check\", \"rds-logging-enabled\", and \"s3-bucket-logging-enabled\" are run on configuration changes. 
\"cloudtrail-security-trail-enabled\", \"cloud-trail-cloud-watch-logs-enabled\", \"cloudtrail-s3-dataevents-enabled\", \"vpc-flow-logs-enabled\", \"waf-classic-logging-enabled\", and \"wafv2-logging-enabled\" are run periodically.\nCoverage factor is significant for these rules, since they cover logging configuration for a wide range of services, resulting in an overall score of Significant.", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": 
["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings are based on the set of AWS managed rules provided by AWS Config, which are predefined rules that AWS Config uses to test for compliance with common best practices.\nAWS Config rules can be set to one of two types, \"configuration changes\" and \"periodic\", which are evaluated upon configuration changes and at a user-defined period, respectively.", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://docs.aws.amazon.com/config", "https://docs.aws.amazon.com/config/latest/developerguide", "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Config", "mapping-type": "technique-scores", 
"score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The S3 server access logging feature was not mapped because it was deemed to be a data source that can be used with other detective controls rather than a security control in of itself.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html"], "tags": ["Storage"], "mapping-description": "", "capability-id": "AWS S3", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The S3 server access logging feature was not mapped because it was deemed to be a data source that can be used with other detective controls rather than a security control in of itself.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html"], "tags": ["Storage"], "mapping-description": "", "capability-id": "AWS S3", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "There are a few finding types offered by GuardDuty that flag this behavior: Recon:EC2/PortProbeEMRUnprotectedPort, Recon:EC2/PortProbeUnprotectedPort, Recon:EC2/Portscan, Impact:EC2/PortSweep.", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "There are finding types that show when an EC2 instance is probing other AWS resources for information. 
Recon:EC2/PortProbeEMRUnprotectedPort, Recon:EC2/PortProbeUnprotectedPort, Recon:EC2/Portscan, Impact:EC2/PortSweep", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The domain associated with phishing can be delivered by various means these sub-techniques are added to the mapping and scoring of this Security service.", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1566"}, {"comments": "The domain associated with phishing can be delivered by various means these sub-techniques are added to the mapping and scoring of this Security service.", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1566"}, {"comments": "The domain associated with phishing can be delivered by various means these sub-techniques are added to the mapping and scoring of this Security service.", "attack-object-id": "T1566.003", "attack-object-name": "Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1566"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Listed findings above flag instances where there are indications of account compromise.", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Listed findings above flag instances where there are indications of account compromise.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Persistence:IAMUser/AnomalousBehavior finding can detect anomalous API requests that can be used by adversaries to maintain persistence such as CreateAccessKey, ImportKeyPair.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "The Persistence:IAMUser/AnomalousBehavior finding can detect anomalous API requests that can be used by adversaries to maintain persistence such as CreateAccessKey, ImportKeyPair.", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following GuardDuty findings provide indicators of malicious activity in defense measures:\nStealth:IAMUser/CloudTrailLoggingDisabled Stealth:IAMUser/PasswordPolicyChange Stealth:S3/ServerAccessLoggingDisabled Impact:S3/MaliciousIPCaller Exfiltration:S3/MaliciousIPCaller Exfiltration:S3/ObjectRead.Unusual PenTest:S3/KaliLinux PenTest:S3/ParrotLinux PenTest:S3/PentooLinux UnauthorizedAccess:S3/MaliciousIPCaller.Custom UnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The following GuardDuty findings provide indicators of malicious activity in defense measures:\nStealth:IAMUser/CloudTrailLoggingDisabled Stealth:IAMUser/PasswordPolicyChange Stealth:S3/ServerAccessLoggingDisabled Impact:S3/MaliciousIPCaller Exfiltration:S3/MaliciousIPCaller Exfiltration:S3/ObjectRead.Unusual PenTest:S3/KaliLinux PenTest:S3/ParrotLinux PenTest:S3/PentooLinux UnauthorizedAccess:S3/MaliciousIPCaller.Custom UnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1562.006", 
"attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The following GuardDuty findings provide indicators of malicious activity in defense measures:\nStealth:IAMUser/CloudTrailLoggingDisabled Stealth:IAMUser/PasswordPolicyChange Stealth:S3/ServerAccessLoggingDisabled Impact:S3/MaliciousIPCaller Exfiltration:S3/MaliciousIPCaller Exfiltration:S3/ObjectRead.Unusual PenTest:S3/KaliLinux PenTest:S3/ParrotLinux PenTest:S3/PentooLinux UnauthorizedAccess:S3/MaliciousIPCaller.Custom UnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Due to the detection being limited to a specific set of application protocols, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "Due to the detection being limited to a specific set of application protocols, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "Due to the detection being limited to a specific set of application protocols, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": 
"Minimal", "related-score": "T1110"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following finding types in Amazon GuardDuty can be used to identify potentially malicious interactions with S3 which may lead to the compromise of any credential files stored in S3: Impact:S3/MaliciousIPCaller Exfiltration:S3/MaliciousIPCaller Exfiltration:S3/ObjectRead.Unusual PenTest:S3/KaliLinux PenTest:S3/ParrotLinux PenTest:S3/PentooLinux UnauthorizedAccess:S3/MaliciousIPCaller.Custom UnauthorizedAccess:S3/TorIPCaller\nThe score is capped at Partial since the findings only apply to credential files stored within S3 buckets and only certain types of suspicious behaviors.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "The UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration 
finding type flags attempts to run AWS API operations from a host outside of EC2 using temporary AWS credentials that were created on an EC2 instance in your AWS environment. This may indicate that the temporary credentials have been compromised. Score is capped at Minimal because external use is required for detection.", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "GuardDuty flags events matching the following finding types that relate to adversaries attempting to communicate using application layer protocols to avoid detection.\nUnauthorizedAccess:EC2/MaliciousIPCaller.Custom Backdoor:EC2/C&CActivity.B 
Backdoor:EC2/C&CActivity.B!DNS Trojan:EC2/BlackholeTraffic Trojan:EC2/BlackholeTraffic!DNS Trojan:EC2/DropPoint Trojan:EC2/DropPoint!DNS Backdoor:EC2/C&CActivity.B Impact:EC2/MaliciousDomainRequest.Reputation Impact:EC2/SuspiciousDomainRequest.Reputation", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "GuardDuty flags events matching the following finding types that relate to adversaries attempting to communicate using application layer protocols to avoid detection.\nUnauthorizedAccess:EC2/MaliciousIPCaller.Custom Backdoor:EC2/C&CActivity.B Backdoor:EC2/C&CActivity.B!DNS Trojan:EC2/BlackholeTraffic Trojan:EC2/BlackholeTraffic!DNS Trojan:EC2/DropPoint Trojan:EC2/DropPoint!DNS Backdoor:EC2/C&CActivity.B Impact:EC2/MaliciousDomainRequest.Reputation Impact:EC2/SuspiciousDomainRequest.Reputation", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "GuardDuty flags events matching the following finding types that relate to adversaries attempting to communicate using application layer protocols to avoid detection.\nUnauthorizedAccess:EC2/MaliciousIPCaller.Custom Backdoor:EC2/C&CActivity.B Backdoor:EC2/C&CActivity.B!DNS Trojan:EC2/BlackholeTraffic Trojan:EC2/BlackholeTraffic!DNS Trojan:EC2/DropPoint Trojan:EC2/DropPoint!DNS Backdoor:EC2/C&CActivity.B Impact:EC2/MaliciousDomainRequest.Reputation Impact:EC2/SuspiciousDomainRequest.Reputation", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "GuardDuty flags events matching the following finding types that relate to adversaries attempting to communicate using application layer protocols to avoid detection.\nUnauthorizedAccess:EC2/MaliciousIPCaller.Custom Backdoor:EC2/C&CActivity.B Backdoor:EC2/C&CActivity.B!DNS Trojan:EC2/BlackholeTraffic Trojan:EC2/BlackholeTraffic!DNS Trojan:EC2/DropPoint Trojan:EC2/DropPoint!DNS Backdoor:EC2/C&CActivity.B Impact:EC2/MaliciousDomainRequest.Reputation Impact:EC2/SuspiciousDomainRequest.Reputation", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "GuardDuty has the following finding types to flag events where adversaries may dynamically establish connections to command-and-control infrastructure to evade common detections and remediations.\nTrojan:EC2/DGADomainRequest.B Trojan:EC2/DGADomainRequest.C!DNS", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1568"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The UnauthorizedAccess:EC2/TorClient GuardDuty finding type flags events where adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command-and-control server to avoid direct connections to their 
infrastructure.\nDue to the detection being limited to a specific type of proxy, Tor, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1090"}, {"comments": "The UnauthorizedAccess:EC2/TorClient GuardDuty finding type flags events where adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command-and-control server to avoid direct connections to their infrastructure.\nDue to the detection being limited to a specific type of proxy, Tor, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1090"}, {"comments": "The UnauthorizedAccess:EC2/TorClient GuardDuty finding type flags events where adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command-and-control server to avoid direct connections to their infrastructure.\nDue to the detection being limited to a specific type of proxy, Tor, its coverage is Minimal resulting in a Minimal score.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1090"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal 
factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following GuardDuty finding type flags events where adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel.\nTrojan:EC2/DNSDataExfiltration Behavior:EC2/TrafficVolumeUnusual", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following finding types in GuardDuty flag events where adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command-and-control channel.\nExfiltration:S3/ObjectRead.Unusual Exfiltration:S3/MaliciousIPCaller Exfiltration:IAMUser/AnomalousBehavior Behavior:EC2/TrafficVolumeUnusual", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "The following finding types in GuardDuty flag events where adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command-and-control channel.\nExfiltration:S3/ObjectRead.Unusual Exfiltration:S3/MaliciousIPCaller Exfiltration:IAMUser/AnomalousBehavior Behavior:EC2/TrafficVolumeUnusual", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Partial", "related-score": "T1567"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Impact:S3/MaliciousIPCaller finding type is looking for API calls commonly associated with Impact tactic of techniques where an adversary is trying to manipulate, interrupt, or destroy data within your AWS environment.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1565"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following finding types in GuardDuty flag events where adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.\nBackdoor:EC2/DenialOfService.UdpOnTcpPorts Backdoor:EC2/DenialOfService.UnusualProtocol Backdoor:EC2/DenialOfService.Udp Backdoor:EC2/DenialOfService.Tcp Backdoor:EC2/DenialOfService.Dns", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1498"}, {"comments": "The following finding types in GuardDuty flag events where adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.\nBackdoor:EC2/DenialOfService.UdpOnTcpPorts Backdoor:EC2/DenialOfService.UnusualProtocol Backdoor:EC2/DenialOfService.Udp Backdoor:EC2/DenialOfService.Tcp Backdoor:EC2/DenialOfService.Dns", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1498"}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Scores for this service are capped at Partial due to limited coverage and accuracy information.\nThe temporal factor for this control is consistent: the first instance of a finding taking place is alerted within 5 minutes of the event occurring. 
After that any subsequent events can be customized to be reported at 15 minutes, 1 hour, or the default of 6 hours.\nThe following findings were not mappable:\n Backdoor:EC2/Spambot\n Impact:EC2/AbusedDomainRequest.Reputation\n InitialAccess:IAMUser/AnomalousBehavior", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan", "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following finding types can be used to detect behavior that can lead to the defacement of\ncloud resources:\nImpact:S3/MaliciousIPCaller\nExfiltration:S3/MaliciousIPCaller\nExfiltration:S3/ObjectRead.Unusual\nPenTest:S3/KaliLinux\nPenTest:S3/ParrotLinux\nPenTest:S3/PentooLinux\nUnauthorizedAccess:S3/MaliciousIPCaller.Custom\nUnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1491"}, {"comments": "The following finding types can be used to detect behavior that can lead to the defacement of\ncloud resources:\nImpact:S3/MaliciousIPCaller\nExfiltration:S3/MaliciousIPCaller\nExfiltration:S3/ObjectRead.Unusual\nPenTest:S3/KaliLinux\nPenTest:S3/ParrotLinux\nPenTest:S3/PentooLinux\nUnauthorizedAccess:S3/MaliciousIPCaller.Custom\nUnauthorizedAccess:S3/TorIPCaller", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon GuardDuty", "mapping-type": "technique-scores", "score-category": 
"Detect", "score-value": "Partial", "related-score": "T1491"}, {"comments": "There is not much documentation that lends itself useful to scoring the accuracy of this control although offerings such as Shield Advanced protection groups and the AWS Shield Response Team (SRT) can be leveraged to improve the accuracy of this control. The control states that DDOS attacks can be mitigated in real time (temporal factor) and not increase cause latency for impacted services.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://aws.amazon.com/shield/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc", "https://aws.amazon.com/shield/features/"], "tags": ["Denial of Service", "Network"], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS Shield will set and use a static network flow threshold to detect incoming traffic to AWS services. This will reduce direct network DOS attacks by applying an undisclosed combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real-time. AWS Shield Advance identifies anomalies in network traffic to flag attempted attacks and execute inline mitigations to resolve the issue. ", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1498"}, {"comments": "AWS Shield will set and use a static network flow threshold to detect incoming traffic to AWS services. 
This will reduce direct network DOS attacks by applying an undisclosed combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real-time. AWS Shield Advance identifies anomalies in network traffic to flag attempted attacks and execute inline mitigations to resolve the issue. ", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1498"}, {"comments": "There is not much documentation that lends itself useful to scoring the accuracy of this control although offerings such as Shield Advanced protection groups and the AWS Shield Response Team (SRT) can be leveraged to improve the accuracy of this control. The control states that DDOS attacks can be mitigated in real time (temporal factor) and not increase cause latency for impacted services.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://aws.amazon.com/shield/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc", "https://aws.amazon.com/shield/features/"], "tags": ["Denial of Service", "Network"], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS Shield Standard provides protection and response to these Denial of Service attacks in real time by using a network traffic baseline and identifying anomalies among other techniques. 
", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1499"}, {"comments": "AWS Shield Standard provides protection and response to these Denial of Service attacks in real time by using a network traffic baseline and identifying anomalies among other techniques. ", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1499"}, {"comments": "AWS Shield Advance allows for customized detection and mitigations for custom applications that are running on EC2 instances.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Shield", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1499"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. 
Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS IoT Device Defender audit checks and corresponding mitigation actions can identify and resolve configuration problems that should be fixed in order to ensure SSL/TLS encryption is enabled and secure to protect network traffic to/from IoT devices: \"CA certificate expiring\" (\"CA_CERTIFICATE_EXPIRING_CHECK\" in the CLI and API), \"CA certificate key quality\" (\"CA_CERTIFICATE_KEY_QUALITY_CHECK\" in the CLI and API), and \"CA certificate revoked but device certificates still 
active\" (\"REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API) can identify problems with certificate authority (CA) certificates being used for signing and support the \"UPDATE_CA_CERTIFICATE\" mitigation action which can resolve them. \"Device certificate expiring\" (\"DEVICE_CERTIFICATE_EXPIRING_CHECK\" in the CLI and API), \"Device certificate key quality\" (\"DEVICE_CERTIFICATE_KEY_QUALITY_CHECK\" in the CLI and API), \"Device certificate shared\" (\"DEVICE_CERTIFICATE_SHARED_CHECK\" in the CLI and API), and \"Revoked device certificate still active\" (\"REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API) can identify problems with IoT devices' certificates and support the \"UPDATE_DEVICE_CERTIFICATE\" and \"ADD_THINGS_TO_THING_GROUP\" mitigation actions which can resolve them.\nCoverage factor is partial for these checks and mitigations, since they are specific to IoT device communication and can only mitigate behavior for adversaries who are unable to decrypt the relevant traffic, resulting in an overall score of Partial.", "attack-object-id": "T1020.001", "attack-object-name": "Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1020"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. 
Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. 
Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS 
IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. 
Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. 
Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following AWS IoT Device Defender device-side detection metrics can detect indicators that an adversary may be exfiltrating collected data from compromised AWS IoT devices over a given channel to/from those devices: \"Destination IPs\" (\"aws:destination-ip-addresses\") outside of expected IP address ranges may suggest that a device is communicating with unexpected parties. 
\"Bytes in\" (\"aws:all-bytes-in\"), \"Bytes out\" (\"aws:all-bytes-out\"), \"Packets in\" (\"aws:all-packets-in\"), and \"Packets out\" (\"aws:all-packets-out\") values outside of expected norms may indicate that the device is sending and/or receiving non-standard traffic, which may include exfiltration of stolen data. \"Listening TCP ports\" (\"aws:listening-tcp-ports\"), \"Listening TCP port count\" (\"aws:num-listening-tcp-ports\"), \"Established TCP connections count\" (\"aws:num-established-tcp-connections\"), \"Listening UDP ports\" (\"aws:listening-udp-ports\"), and \"Listening UDP port count\" (\"aws:num-listening-udp-ports\") values outside of expected norms may indicate that devices are communicating via unexpected ports/protocols, which may include exfiltration of data over those ports/protocols.\nCoverage factor is partial, since these metrics are limited to exfiltration from IoT devices, resulting in an overall score of Partial.", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "The following AWS IoT Device Defender device-side detection metrics can detect indicators that an adversary may be exfiltrating collected data from compromised AWS IoT devices over a given channel to/from those devices: \"Destination IPs\" (\"aws:destination-ip-addresses\") outside of expected IP address ranges may suggest that a device is communicating with unexpected parties. 
\"Bytes in\" (\"aws:all-bytes-in\"), \"Bytes out\" (\"aws:all-bytes-out\"), \"Packets in\" (\"aws:all-packets-in\"), and \"Packets out\" (\"aws:all-packets-out\") values outside of expected norms may indicate that the device is sending and/or receiving non-standard traffic, which may include exfiltration of stolen data. \"Listening TCP ports\" (\"aws:listening-tcp-ports\"), \"Listening TCP port count\" (\"aws:num-listening-tcp-ports\"), \"Established TCP connections count\" (\"aws:num-established-tcp-connections\"), \"Listening UDP ports\" (\"aws:listening-udp-ports\"), and \"Listening UDP port count\" (\"aws:num-listening-udp-ports\") values outside of expected norms may indicate that devices are communicating via unexpected ports/protocols, which may include exfiltration of data over those ports/protocols.\nCoverage factor is partial, since these metrics are limited to exfiltration from IoT devices, resulting in an overall score of Partial.", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "The following AWS IoT Device Defender device-side detection metrics can detect indicators that an adversary may be exfiltrating collected data from compromised AWS IoT devices over a given channel to/from those devices: \"Destination IPs\" (\"aws:destination-ip-addresses\") outside of expected IP address ranges may suggest that a device is communicating with unexpected parties. 
\"Bytes in\" (\"aws:all-bytes-in\"), \"Bytes out\" (\"aws:all-bytes-out\"), \"Packets in\" (\"aws:all-packets-in\"), and \"Packets out\" (\"aws:all-packets-out\") values outside of expected norms may indicate that the device is sending and/or receiving non-standard traffic, which may include exfiltration of stolen data. \"Listening TCP ports\" (\"aws:listening-tcp-ports\"), \"Listening TCP port count\" (\"aws:num-listening-tcp-ports\"), \"Established TCP connections count\" (\"aws:num-established-tcp-connections\"), \"Listening UDP ports\" (\"aws:listening-udp-ports\"), and \"Listening UDP port count\" (\"aws:num-listening-udp-ports\") values outside of expected norms may indicate that devices are communicating via unexpected ports/protocols, which may include exfiltration of data over those ports/protocols.\nCoverage factor is partial, since these metrics are limited to exfiltration from IoT devices, resulting in an overall score of Partial.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. 
Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. 
Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device 
Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. 
Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS IoT Device Defender audit checks can identify potentially malicious use of valid cloud credentials by AWS IoT devices, which may indicate that devices have been compromised: \"CA certificate revoked but device certificates still active\" (\"REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API) indicates that device certificates signed using a revoked CA certificate are still active, which may indicate that devices using those certificates are controlled by an adversary if the CA certificate was revoked due to compromise. 
\"Device certificate shared\" (\"DEVICE_CERTIFICATE_SHARED_CHECK\" in the CLI and API), \"Revoked device certificate still active\" (\"REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API), and \"Conflicting MQTT client IDs\" (\"CONFLICTING_CLIENT_IDS_CHECK\" in the CLI and API) can indicate that devices are in use with duplicate certificates and/or IDs and/or certificates that have been revoked due to compromise, all of which suggest that an adversary may be using clones of compromised devices to leverage their access.\nThe following AWS IoT Device Defender cloud-side detection metrics can identify potentially malicious use of valid cloud credentials by IoT devices, which may indicate that devices have been compromised: \"Source IP\" (\"aws:source-ip-address\") values outside of expected IP address ranges may suggest that a device has been stolen. \"Authorization failures\" (\"aws:num-authorization-failures\") counts above a typical threshold may indicate that a compromised device is attempting to use its connection to AWS IoT to access resources for which it does not have access and being denied. 
High counts for \"Disconnects\" (\"aws:num-disconnects\"), especially in conjunction with high counts for \"Connection attempts\" (\"aws:num-connection-attempts\"), which include successful attempts, may indicate that a compromised device is connecting and disconnecting from AWS IoT using the device's associated access.\nCoverage factor is partial for these metrics, checks, and mitigations, since they are specific to use of cloud accounts for AWS IoT access and actions, resulting in an overall score of Partial.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The following AWS IoT Device Defender audit checks and corresponding mitigation actions can identify and in some cases resolve configuration problems that should be fixed in order to limit the potential impact of compromised accounts with access to AWS IoT resources: The \"Authenticated Cognito role overly permissive\" (\"AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK\" in the CLI and API) audit check can identify policies which grant excessive privileges and permissions for AWS IoT actions to Amazon Cognito identity pool roles. The \"Unauthenticated Cognito role overly permissive\" (\"UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK\" in the CLI and API) audit check can identify policies which grant excessive privileges and permissions for AWS IoT actions to Amazon Cognito identity pool roles and do not require authentication, which pose a substantial risk because they can be trivially accessed. 
The \"AWS IoT policies overly permissive\" (\"IOT_POLICY_OVERLY_PERMISSIVE_CHECK\" in the CLI and API) audit check can identify AWS IoT policies which grant excessive privileges and permissions for AWS IoT actions and supports the \"REPLACE_DEFAULT_POLICY_VERSION\" mitigation action which can reduce permissions to limit potential misuse. The \"Role alias allows access to unused services\" (\"IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK\" in the CLI and API) and \"Role alias overly permissive\" (\"IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK\" in the CLI and API) audit checks can identify AWS IoT role aliases which allow connected devices to authenticate using their certificates and obtain short-lived AWS credentials from an associated IAM role which grant permissions and privileges beyond those necessary to the devices' functions and should be fixed in order to prevent further account compromise from compromised devices.\nCoverage factor is partial for these checks and mitigations, since they are specific to use of cloud accounts for AWS IoT access and actions, resulting in an overall score of Partial.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. 
Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. 
Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS IoT Device 
Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. 
Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. 
Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following AWS IoT Device Defender audit checks can identify potentially malicious use of private keys associated with AWS IoT devices, which may indicate that the keys have been taken from compromised devices and repurposed by an adversary: \"Device certificate shared\" (\"DEVICE_CERTIFICATE_SHARED_CHECK\" in the CLI and API) and \"Revoked device certificate still active\" (\"REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK\" in the CLI and API) can indicate that devices are in use with duplicate 
certificates and/or certificates that have been revoked due to compromise, both of which suggest that an adversary may be misusing stolen private keys.\nCoverage factor is partial for these checks and mitigations, since they are specific to use of private keys associated with AWS IoT devices, resulting in an overall score of Partial.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. 
Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. 
Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Mappings for AWS IoT Device Defender audit are based on the current set of AWS IoT Device Defender audit checks that can be enabled. AWS IoT Device Defender's predefined mitigation actions are also included for those audit checks that support them. Audit checks can be run as needed (on-demand audits) or scheduled to be run periodically (scheduled audits), so temporal scoring factors are uniformly high for this control, based on the assumption that checks are run (at minimum) on a frequent basis. 
Audit check and mitigation names are identified in quotes throughout this mapping.\nMappings for AWS IoT Device Defender detect are based on the current set of AWS IoT Device Defender device-side and cloud-side detection metrics. Cloud-side detection alarms are triggered when set thresholds are exceeded, and device-side detection metrics are published on a chosen interval with a minimum value of 5 minutes, so temporal scoring factors are uniformly high for this control, based on the assumption that thresholds are set to sensible values that detect suspicious values quickly and device-side metric publishing is not set to an unreasonably large interval. Detect metric names are identified in quotes throughout this mapping.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://aws.amazon.com/iot-device-defender/", "https://docs.aws.amazon.com/iot-device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-mitigation-actions", "https://docs.aws.amazon.com/iot/latest/developerguide/dd-detect-security-use-cases", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-cloud-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/detect-device-side-metrics", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit", "https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect"], "tags": ["Internet of Things", "IoT"], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "The \"Logging disabled\" audit check (\"LOGGING_DISABLED_CHECK\" in the CLI and API) can identify potentially malicious changes to AWS IoT logs (both V1 and V2), which should be enabled in Amazon CloudWatch. 
Score is limited to Partial since this control only addresses IoT logging.", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The \"ENABLE_IOT_LOGGING\" mitigation action (which is supported by the \"Logging disabled\" audit check) enables AWS IoT logging if it is not enabled when the check is run, effectively reversing the adversary behavior if those logs were disabled due to malicious changes. Score is limited to Partial since this control only addresses IoT logging.", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS IoT Device Defender", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": "T1562"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html", "https://aws.amazon.com/organizations/getting-started/best-practices/"], "tags": ["Identity"], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may protect against malicious use of cloud accounts by implementing service control policies that define what actions an account may take. 
If best practices are followed, AWS accounts should only have the least amount of privileges required.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html", "https://aws.amazon.com/organizations/getting-started/best-practices/"], "tags": ["Identity"], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may protect against cloud account discovery by segmenting accounts into separate organizational units and restricting to least privileges between groups. 
", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html", "https://aws.amazon.com/organizations/getting-started/best-practices/"], "tags": ["Identity"], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html", "https://aws.amazon.com/organizations/getting-started/best-practices/"], "tags": ["Identity"], "mapping-description": "", "capability-id": "AWS Organizations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", 
"https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that data on servers is manipulated, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1565"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that servers are defaced, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1491"}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that servers are defaced, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1491"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that server disks are wiped, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1561"}, {"comments": "AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that server disks are wiped, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1561"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://aws.amazon.com/cloudendure-disaster-recovery/", "https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm"], "tags": [], "mapping-description": "", "capability-id": "AWS CloudEndure Disaster Recovery", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://aws.amazon.com/kms/", "https://docs.aws.amazon.com/kms/latest/developerguide/overview.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This service provides a more secure alternative to storing encryption keys in the file system. 
As a result of this service only supporting cryptographic keys and not other types of credentials, the coverage score is assessed as Partial resulting in an overall Partial score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This service allows for securely storing encryption keys and enforcing fine-grained access to the keys. The service does not allow anyone access to retrieve plaintext keys from the service.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1552"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://aws.amazon.com/kms/", "https://docs.aws.amazon.com/kms/latest/developerguide/overview.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The encryption key for the certificate can be stored in KMS, reducing its attack surface. 
Score is capped at Partial because adversaries can still misuse keys/certs if KMS and KMS resources are compromised.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "The encryption key for the certificate can be stored in KMS, reducing its attack surface. Score is capped at Partial because adversaries can still misuse keys/certs if KMS and KMS resources are compromised.", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Key Management Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": 
"Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": 
["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can detect security control settings related to authentication and password policies on Linux endpoints. Specific security controls it can assess include \"Disable password authentication over SSH\", \"Configure password maximum age\", \"Configure password minimum length\", and \"Configure password complexity\" all of which impact the ability to brute force a password. This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against brute force attacks. 
Given Amazon Inspector can only assess these security controls on Linux platforms (although it also supports Windows), the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "The Amazon Inspector Best Practices assessment package can detect security control settings related to authentication and password policies on Linux endpoints. Specific security controls it can assess include \"Disable password authentication over SSH\", \"Configure password maximum age\", \"Configure password minimum length\", and \"Configure password complexity\" all of which impact the ability to brute force a password. This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against brute force attacks. Given Amazon Inspector can only assess these security controls on Linux platforms (although it also supports Windows), the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "The Amazon Inspector Best Practices assessment package can detect security control settings related to authentication and password policies on Linux endpoints. Specific security controls it can assess include \"Disable password authentication over SSH\", \"Configure password maximum age\", \"Configure password minimum length\", and \"Configure password complexity\" all of which impact the ability to brute force a password. 
This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against brute force attacks. Given Amazon Inspector can only assess these security controls on Linux platforms (although it also supports Windows), the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "The Amazon Inspector Best Practices assessment package can detect security control settings related to authentication and password policies on Linux endpoints. Specific security controls it can assess include \"Disable password authentication over SSH\", \"Configure password maximum age\", \"Configure password minimum length\", and \"Configure password complexity\" all of which impact the ability to brute force a password. This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against brute force attacks. 
Given Amazon Inspector can only assess these security controls on Linux platforms (although it also supports Windows), the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can detect a security control setting related to remote service access on Linux endpoints. Specifically, \"Disable root login over SSH\". This information can be used identify insecure configurations and harden the endpoints. Amazon Inspector does not directly protect against adversaries accessing remote services. 
Given Amazon Inspector can only assess this security control on Linux platforms (although it also supports Windows) and it only restricts access to remote services for one user account, the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this the score is capped at Partial. 
", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1222"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. 
", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. 
", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system 
configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. 
Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.004", "attack-object-name": "File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.005", "attack-object-name": "Network Share Connection Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. 
Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1070.006", "attack-object-name": "Timestomp", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1599", "attack-object-name": "Network Boundary Bridging", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Furthermore, Amazon Inspector only supports a subset of the sub-techniques for this technique. Due to these things and the fact the security control is only supported for Linux platforms, the score is Minimal. 
", "attack-object-id": "T1599.001", "attack-object-name": "Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1599"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. 
", "attack-object-id": "T1003.007", "attack-object-name": "Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information 
and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. 
Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": 
""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this and the fact the security control is only supported for Linux platforms, the score is Minimal. ", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this, the score is capped at Partial. 
", "attack-object-id": "T1037.004", "attack-object-name": "RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1037"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Amazon Inspector Best Practices assessment package can assess security control \"Configure permissions for system directories\" that prevents privilege escalation by local users and ensures only the root account can modify/execute system configuration information and binaries. Amazon Inspector does not directly protect against system modifications rather it just checks to see if security controls are in place which can inform decisions around hardening the system. Due to this, the score is capped at Partial. 
", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1543"}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The CIS Benchmarks assessment package is considered out of scope because a separate project will be responsible for mapping CIS Benchmarks and ATT&CK.", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html"], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The Amazon Inspector Network Reachability assessment package can assess whether or not cloud/network components are vulnerable (e.g., publicly accessible from the Internet). Amazon Inspector does not directly protect cloud/network components rather reports on vulnerabilities that it identifies which can then be used to securely configure the cloud/network components. Due to this, the score is capped at Partial. 
", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The Amazon Inspector Network Reachability assessment package can assess whether or not cloud/network components are vulnerable (e.g., publicly accessible from the Internet). Amazon Inspector does not directly protect cloud/network components rather reports on vulnerabilities that it identifies which can then be used to securely configure the cloud/network components. Due to this, the score is capped at Partial. ", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Inspector", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can prevent the gathering of victim network information via (active) scanning methods but is not effective against other methods of gathering victim network information such as via Phishing or online databases (e.g. WHOIS) resulting in a Partial coverage score and an overall Partial score.", "attack-object-id": "T1590.001", "attack-object-name": "Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "VPC security groups and network access control lists (NACLs) can prevent the gathering of victim network information via (active) scanning methods but is not effective against other methods of gathering victim network information such as via Phishing or online databases (e.g. 
WHOIS) resulting in a Partial coverage score and an overall Partial score.", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "VPC security groups and network access control lists (NACLs) can prevent the gathering of victim network information via (active) scanning methods but is not effective against other methods of gathering victim network information such as via Phishing or online databases (e.g. WHOIS) resulting in a Partial coverage score and an overall Partial score.", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "VPC security groups and network access control lists (NACLs) can prevent the gathering of victim network information via (active) scanning methods but is not effective against other methods of gathering victim network information such as via Phishing or online databases (e.g. WHOIS) resulting in a Partial coverage score and an overall Partial score.", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict inbound traffic that can protect against active scanning techniques such as Scanning IP Blocks and/or Vulnerability Scanning. Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict inbound traffic that can protect against active scanning techniques such as Scanning IP Blocks and/or Vulnerability Scanning. 
Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can protect against this sub-technique by enforcing limited access to only required ports. Consequently, even if the adversary is able to utilize port knocking to open additional ports at the host level, it is still blocked at the security group or NACL level. ", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1205"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can limit access to the minimum required ports and therefore protect against adversaries attempting to exfiltrate data using a different protocol than that of the existing command and control channel. In environments where unrestricted Internet access is required, security groups and NACLs can still be used to block known malicious endpoints. Because in such environments the protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "VPC security groups and network access control lists (NACLs) can limit access to the minimum required ports and therefore protect against adversaries attempting to exfiltrate data using a different protocol than that of the existing command and control channel. 
In environments where unrestricted Internet access is required, security groups and NACLs can still be used to block known malicious endpoints. Because in such environments the protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "VPC security groups and network access control lists (NACLs) can limit access to the minimum required ports and therefore protect against adversaries attempting to exfiltrate data using a different protocol than that of the existing command and control channel. In environments where unrestricted Internet access is required, security groups and NACLs can still be used to block known malicious endpoints. Because in such environments the protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1557"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1557"}, {"comments": "The mappings contained in this file were 
based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1565"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Can limit access to client management interfaces or configuration databases.", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "Can limit access to client management interfaces or configuration databases.", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict clients to connecting (and therefore booting) from only trusted network resources.", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. 
This results in an overall partial (coverage) score.", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. 
This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict access to endpoints but will prove effective at mitigating only low-end DOS attacks resulting in a Minimal score.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict access to endpoints but will prove effective at mitigating only low-end DOS attacks 
resulting in a Minimal score.", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "VPC security groups and network access control lists (NACLs) can be used to restrict access to endpoints but will prove effective at mitigating only low-end DOS attacks resulting in a Minimal score.", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1499"}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The mappings contained in this file were based on Amazon's \"Security in Amazon Virtual Private Cloud\" documentation listed in the references section. 
The following VPC components were assessed to produce this mapping: Security Groups, Network Access Control Lists (NACLs), VPC Peering, VPC Endpoints, and Virtual Private Network (VPN).", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/security.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "VPC security groups and network access control lists (NACLs) can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "VPC security groups and network access control lists (NACLs) can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "VPC security groups and network access control lists (NACLs) can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", 
"related-score": "T1090"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html", "https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-compromised-credentials.html", "https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html"], "tags": ["Identity"], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Amazon Cognito has the ability to alert and block accounts where credentials were found to be compromised elsewhere (compromised credential protection). The service also detects unusual sign-in activity, such as sign-in attempts from new locations and devices and can either prompt users for additional verification or block the sign-in request. 
There was insufficient detail on the operation of these capabilities and therefore a conservative assessment of a Partial score has been assigned.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html", "https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-compromised-credentials.html", "https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html"], "tags": ["Identity"], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", 
"related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Amazon Cognito", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], 
"mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The AWS WAF protects web applications from injection attacks that leverage command and scripting interpreters. 
AWS WAF provides this protection via the following rule sets that block malicious traffic across a variety of operating systems and applications.\nAWSManagedRulesCommonRuleSet AWSManagedRulesSQLiRuleSet AWSManagedRulesUnixRuleSet AWSManagedRulesWindowsRuleSet AWSManagedRulesPHPRuleSet AWSManagedRulesWordPressRuleSet\nThis is given a score of Significant because it provides protections for PowerShell, Unix, and JavaScript command and scripting interpreters by blocking the malicious content in near real-time.", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "The AWS WAF protects web applications from injection attacks that leverage command and scripting interpreters. AWS WAF provides this protection via the following rule sets that block malicious traffic across a variety of operating systems and applications.\nAWSManagedRulesCommonRuleSet AWSManagedRulesSQLiRuleSet AWSManagedRulesUnixRuleSet AWSManagedRulesWindowsRuleSet AWSManagedRulesPHPRuleSet AWSManagedRulesWordPressRuleSet\nThis is given a score of Significant because it provides protections for PowerShell, Unix, and JavaScript command and scripting interpreters by blocking the malicious content in near real-time.", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "The AWS WAF protects web applications from injection attacks that leverage command and scripting interpreters. 
AWS WAF provides this protection via the following rule sets that block malicious traffic across a variety of operating systems and applications.\nAWSManagedRulesCommonRuleSet AWSManagedRulesSQLiRuleSet AWSManagedRulesUnixRuleSet AWSManagedRulesWindowsRuleSet AWSManagedRulesPHPRuleSet AWSManagedRulesWordPressRuleSet\nThis is given a score of Significant because it provides protections for PowerShell, Unix, and JavaScript command and scripting interpreters by blocking the malicious content in near real-time.", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The AWS WAF protects web applications from access by adversaries that leverage tools that obscure their identity (e.g., VPN, proxies, Tor, hosting providers). AWS WAF provides this protection via the following rule set that blocks incoming traffic from IP addresses known to anonymize connection information or be less likely to source end user traffic.\nAWSManagedRulesAnonymousIpList\nThis is given a score of Partial because it provide protections for only a subset of the sub-techniques (2 out of 4) and is based only on known IP addresses. 
Furthermore, it blocks the malicious content in near real-time.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "The AWS WAF protects web applications from access by adversaries that leverage tools that obscure their identity (e.g., VPN, proxies, Tor, hosting providers). AWS WAF provides this protection via the following rule set that blocks incoming traffic from IP addresses known to anonymize connection information or be less likely to source end user traffic.\nAWSManagedRulesAnonymousIpList\nThis is given a score of Partial because it provide protections for only a subset of the sub-techniques (2 out of 4) and is based only on known IP addresses. Furthermore, it blocks the malicious content in near real-time.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS WAF protects against bots that run scans against web applications such as Nessus (vulnerability assessments) and 
Nmap (IP address and port scans) among others. AWS WAF does this by blocking malicious traffic that indicate bad bots such as those listed above (e.g., via User-Agent values). AWS WAF uses the following rule sets to provide this protection.\nAWSManagedRulesCommonRuleSet AWSManagedRulesBotControlRuleSet\nThis is scored as Partial because the rule sets, while they block malicious traffic in near real-time, only protect web applications against scans performed by bots.", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "AWS WAF protects against bots that run scans against web applications such as Nessus (vulnerability assessments) and Nmap (IP address and port scans) among others. AWS WAF does this by blocking malicious traffic that indicate bad bots such as those listed above (e.g., via User-Agent values). 
AWS WAF uses the following rule sets to provide this protection.\nAWSManagedRulesCommonRuleSet AWSManagedRulesBotControlRuleSet\nThis is scored as Partial because the rule sets, while they block malicious traffic in near real-time, only protect web applications against scans performed by bots.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://aws.amazon.com/waf/", "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html", "https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html", "https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS WAF protects against this by inspecting incoming requests and blocking malicious traffic. 
AWS WAF uses the following rule sets to provide this protection.\nAWSManagedRulesCommonRuleSet AWSManagedRulesAdminProtectionRuleSet AWSManagedRulesKnownBadInputsRuleSet AWSManagedRulesSQLiRuleSet AWSManagedRulesLinuxRuleSet AWSManagedRulesUnixRuleSet AWSManagedRulesWindowsRuleSet AWSManagedRulesPHPRuleSet AWSManagedRulesWordPressRuleSet AWSManagedRulesBotControlRuleSet\nThis is scored as Minimal because the rule sets only protect against the web protocols sub-technique.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html"], "tags": ["Metrics"], "mapping-description": "", "capability-id": "AWS CloudWatch", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html"], "tags": ["Metrics"], "mapping-description": "", "capability-id": "AWS CloudWatch", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html"], "tags": ["Metrics"], "mapping-description": "", "capability-id": "AWS CloudWatch", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports 
on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). 
Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1592", "attack-object-name": "Gather Victim Host Information", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1592.001", "attack-object-name": "Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1592"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. 
AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1592.002", "attack-object-name": "Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1592"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1592.003", "attack-object-name": "Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1592"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1592.004", "attack-object-name": "Client Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1592"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. 
AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1589.001", "attack-object-name": "Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1589"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1589.002", "attack-object-name": "Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1589"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1589.003", "attack-object-name": "Employee Names", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1589"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. 
AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1590.001", "attack-object-name": "Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1590.002", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1590.003", "attack-object-name": "Network Trust Dependencies", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. 
It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1591", "attack-object-name": "Gather Victim Org Information", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1591.001", "attack-object-name": "Determine Physical Locations", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1591"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1591.002", "attack-object-name": "Business Relationships", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1591"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. ", "attack-object-id": "T1591.003", "attack-object-name": "Identify Business Tempo", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1591"}, {"comments": "AWS Security Hub detects improperly secured data from S3 buckets such as public read and write access that may result in an adversary getting access to information that could be used during targeting. AWS Security Hub provides these detections with the following managed insights.\nS3 buckets with public write or read permissions S3 buckets with sensitive data\nThis is scored as Minimal because S3 only represents one of many available sources of information that an adversary could use for targeting. 
", "attack-object-id": "T1591.004", "attack-object-name": "Identify Roles", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1591"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). 
It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub detects suspicious activity by AWS accounts which could indicate valid accounts being leveraged by an adversary. AWS Security Hub provides these detections with the following managed insights.\nAWS principals with suspicious access key activity Credentials that may have leaked AWS resources with unauthorized access attempts IAM users with suspicious activity\nAWS Security Hub also performs checks from the AWS Foundations CIS Benchmark and PCI-DSS security standard that, if implemented, would help towards detecting the misuse of valid accounts. 
AWS Security Hub provides these detections with the following checks.\n3.1 Ensure a log metric filter and alarm exist for unauthorized API calls 3.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA 3.3 Ensure a log metric filter and alarm exist for usage of \"root\" account 3.4 Ensure a log metric filter and alarm exist for IAM policy changes 3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures [PCI.CW.1] A log metric filter and alarm should exist for usage of the \"root\" user\nBy monitoring the root account, activity where accounts make unauthorized API calls, and changes to IAM permissions among other things, it may be possible to detect valid accounts that are being misused and are potentially compromised.\nThis is scored as Significant because it reports on suspicious activity by AWS accounts. ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. 
The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. 
\n", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). 
It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. 
It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. 
When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. 
The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub performs a check from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting the manipulation of accounts. AWS Security Hub provides this detection with the following check.\n3.4 Ensure a log metric filter and alarm exist for IAM policy changes \nThis is scored as Significant because it can monitor all changes to IAM policy which can be used to detect any changes made to accounts. ", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1098"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). 
Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Security Hub performs checks from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting changes to key AWS services. AWS Security Hub provides these detections with the following checks.\n3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes 3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes 3.10 Ensure a log metric filter and alarm exist for security group changes 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 3.12 Ensure a log metric filter and alarm exist for changes to network gateways 3.13 Ensure a log metric filter and alarm exist for route table changes 3.14 Ensure a log metric filter and alarm exist for VPC changes\nThis is scored as Significant because it can detect when changes are made to key AWS services (e.g., CloudTrail, Config, etc.) such as when they stop logging or other configuration changes are made. 
", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "AWS Security Hub performs checks from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting changes to key AWS services. AWS Security Hub provides these detections with the following checks.\n3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes 3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes 3.10 Ensure a log metric filter and alarm exist for security group changes 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 3.12 Ensure a log metric filter and alarm exist for changes to network gateways 3.13 Ensure a log metric filter and alarm exist for route table changes 3.14 Ensure a log metric filter and alarm exist for VPC changes\nThis is scored as Significant because it can detect when changes are made to key AWS services (e.g., CloudTrail, Config, etc.) such as when they stop logging or other configuration changes are made. ", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "AWS Security Hub performs checks from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting changes to key AWS services. 
AWS Security Hub provides these detections with the following checks.\n3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes 3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes 3.10 Ensure a log metric filter and alarm exist for security group changes 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 3.12 Ensure a log metric filter and alarm exist for changes to network gateways 3.13 Ensure a log metric filter and alarm exist for route table changes 3.14 Ensure a log metric filter and alarm exist for VPC changes\nThis is scored as Significant because it can detect when changes are made to key AWS services (e.g., CloudTrail, Config, etc.) such as when they stop logging or other configuration changes are made. ", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1562"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. 
It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Security Hub performs a check from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting the brute forcing of accounts. AWS Security Hub provides this detection with the following checks.\n3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures\nThis is scored as Minimal because it only applies to the AWS Management Console and not other access mechanisms (e.g., CLI, SDK, etc.). Furthermore, it does not detect brute-forcing methods for other components such as EC2 instances. ", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "AWS Security Hub performs a check from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting the brute forcing of accounts. AWS Security Hub provides this detection with the following checks.\n3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures\nThis is scored as Minimal because it only applies to the AWS Management Console and not other access mechanisms (e.g., CLI, SDK, etc.). Furthermore, it does not detect brute-forcing methods for other components such as EC2 instances. 
", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "AWS Security Hub performs a check from the AWS Foundations CIS Benchmark that, if implemented, would help towards detecting the brute forcing of accounts. AWS Security Hub provides this detection with the following checks.\n3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures\nThis is scored as Minimal because it only applies to the AWS Management Console and not other access mechanisms (e.g., CLI, SDK, etc.). Furthermore, it does not detect brute-forcing methods for other components such as EC2 instances. ", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "Managed Insights: AWS Security Hub reports on collections of related findings which are known as managed insights. When possible, these managed insights are mapped to ATT&CK techniques (e.g., \"S3 buckets with public write or read permissions\"). It should be noted that not all managed insights have the level of detail to be able to map them to ATT&CK techniques and are not included in the mapping (e.g., \"EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)\"). \nAWS Config: AWS Security Hub supports reporting on findings from AWS Config (e.g., for CIS AWS Foundations Benchmark controls among others). Given that AWS Config is its own service, these findings will not be mapped to ATT&CK. The only controls that will be included in this mapping are those for which Security Hub implements custom logic. 
It should also be noted that there will be a future CTID project that maps specific CIS Benchmarks to ATT&CK techniques. \n", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"], "tags": [], "mapping-description": "", "capability-id": "AWS Security Hub", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may mitigate the impact of compromised valid accounts by enabling fine-grained access policies and implementing least-privilege policies. 
MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The Access Analyzer tool may detect when an external entity has been granted access to cloud resources through use of access policies. This tool will scan upon any change to access policies or periodically within 24 hours.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Access Analyzer tool may detect when an external entity has been granted access to cloud resources through use of access policies. 
This tool will scan upon any change to access policies or periodically within 24 hours.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may mitigate against application access token theft if the application is configured to retrieve temporary security credentials using an IAM role. This recommendation is a best practice for IAM but must be explicitly implemented by the application developer. ", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1550"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. 
These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. 
These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.aws.amazon.com/iam/index.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html", "https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html", "https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html", 
"https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html", "https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may prevent harvesting of unsecured credentials by removing credentials and secrets from applications and configuration files and requiring authenticated API calls to retrieve those credentials and secrets. This control is relevant for credentials stored in applications or configuration files but not credentials entered directly by a user.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This control may prevent harvesting of unsecured credentials by removing credentials and secrets from applications and configuration files and requiring authenticated API calls to retrieve those credentials and secrets. 
This control is relevant for credentials stored in applications or configuration files but not credentials entered directly by a user.", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This control may prevent harvesting of unsecured credentials by removing credentials and secrets from applications and configuration files and requiring authenticated API calls to retrieve those credentials and secrets. This control is relevant for credentials stored in applications or configuration files but not credentials entered directly by a user.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Secrets Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block malicious or unwanted traffic leveraging application layer protocols. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block malicious or unwanted traffic leveraging application layer protocols. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block malicious or unwanted traffic leveraging application layer protocols. As a result, this mapping is given a score of Significant.", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block malicious or unwanted traffic leveraging application layer protocols. 
As a result, this mapping is given a score of Significant.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from carrying out denial of service attacks by implementing restrictions on which IP addresses and domains can access the resources (e.g., allow lists) as well as which protocol traffic is permitted. That is, the AWS Network Firewall could block the source of the denial of service attack. This mapping is given a score of Partial because the source of the attack would have to be known before rules could be put in place to protect against it. 
", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from carrying out denial of service attacks by implementing restrictions on which IP addresses and domains can access the resources (e.g., allow lists) as well as which protocol traffic is permitted. That is, the AWS Network Firewall could block the source of the denial of service attack. This mapping is given a score of Partial because the source of the attack would have to be known before rules could be put in place to protect against it. ", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from carrying out denial of service attacks by implementing restrictions on which IP addresses and domains can access the resources (e.g., allow lists) as well as which protocol traffic is permitted. That is, the AWS Network Firewall could block the source of the denial of service attack. This mapping is given a score of Partial because the source of the attack would have to be known before rules could be put in place to protect against it. 
", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from accessing resources from which to exfiltrate data as well as prevent resources from communicating with known-bad IP addresses and domains that might be used to receive exfiltrated data. This mapping is given a score of Partial because the known-bad IP addresses and domains would need to be known in advance and AWS Network Firewall wouldn't have deep packet inspection visibility into encrypted non-C2 protocols. ", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. 
This functionality can be used to block adversaries from accessing resources from which to exfiltrate data as well as prevent resources from communicating with known-bad IP addresses and domains that might be used to receive exfiltrated data. This mapping is given a score of Partial because the known-bad IP addresses and domains would need to be known in advance and AWS Network Firewall wouldn't have deep packet inspection visibility into encrypted non-C2 protocols. ", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block adversaries from accessing resources from which to exfiltrate data as well as prevent resources from communicating with known-bad IP addresses and domains that might be used to receive exfiltrated data. This mapping is given a score of Partial because the known-bad IP addresses and domains would need to be known in advance and AWS Network Firewall wouldn't have deep packet inspection visibility into encrypted non-C2 protocols. 
", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block the sources of smaller-scale network denial of service attacks. This mapping is given a score of Minimal because often times it is necessary to block the traffic at an Internet Service Provider or Content Provider Network level. 
", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1498"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block the sources of smaller-scale network denial of service attacks. This mapping is given a score of Minimal because often times it is necessary to block the traffic at an Internet Service Provider or Content Provider Network level. ", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1498"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": 
["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block traffic from known bad IP addresses and to known bad domains that serve as proxies for adversaries. This mapping is given a score of partial because it only blocks known bad IP addresses and domains and does not protect against unknown ones.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block traffic from known bad IP addresses and to known bad domains that serve as proxies for adversaries. 
This mapping is given a score of partial because it only blocks known bad IP addresses and domains and does not protect against unknown ones.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). 
This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). 
This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to only allow remote services from trusted hosts (i.e., only allow remote access traffic from certain hosts). 
This mapping is given a score of Partial because even though it can restrict remote services traffic from untrusted hosts, it cannot protect against an adversary using a trusted host that is permitted to use remote services as part of an attack.", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block traffic to unused ports from reaching hosts on the network which may help protect against port knocking from external systems. 
This mapping is given a score of partial because the AWS Network Firewall does not do anything to protect against port knocking among hosts within the network and behind the firewall.", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1205"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS 
Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against active scanning. This mapping is given a score of Partial because it only protects against active scanning attacks that originate from outside the firewall and not from within network protected by the firewall. ", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against active scanning. This mapping is given a score of Partial because it only protects against active scanning attacks that originate from outside the firewall and not from within network protected by the firewall. 
", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to block traffic over known TFTP ports. 
This mapping is given a score of Partial because AWS Network Firewall does not do anything to protect against TFTP booting among hosts within the network and behind the firewall.", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html"], "tags": ["Network"], "mapping-description": "", 
"capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against adversaries gathering information about the network. This mapping is given a score of Partial because it only protects against attempts to gather information via scanning that originate from outside the firewall and it does not protect against phishing. ", "attack-object-id": "T1590.001", "attack-object-name": "Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against adversaries gathering information about the network. This mapping is given a score of Partial because it only protects against attempts to gather information via scanning that originate from outside the firewall and it does not protect against phishing. 
", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against adversaries gathering information about the network. This mapping is given a score of Partial because it only protects against attempts to gather information via scanning that originate from outside the firewall and it does not protect against phishing. ", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "AWS Network Firewall has the ability to pass, drop, or alert on traffic based on the network protocol as well as perform deep packet inspection on the payload. This functionality can be used to restrict access to the endpoints within the virtual private cloud and protect against adversaries gathering information about the network. This mapping is given a score of Partial because it only protects against attempts to gather information via scanning that originate from outside the firewall and it does not protect against phishing. 
", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Network Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may protect against malicious use of valid accounts by implementing fine grained and least privilege access through use of permission sets (a collection of administrator-defined policies that AWS SSO uses to determine a user's effective permissions to access a given AWS account). The ability to reduce the set of credentials and accounts needed for a user allows for simpler and safer access and privilege management.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control may protect against malicious use of valid accounts by implementing fine grained and least privilege access through use of permission sets (a collection of administrator-defined policies that AWS SSO uses to determine a user's effective permissions to access a given AWS account). 
The ability to reduce the set of credentials and accounts needed for a user allows for simpler and safer access and privilege management.", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may protect against brute force techniques by enabling multi-factor authentication. All accounts that can be replace with single sign-on can benefit from a unified multi-factor authentication requirement.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may protect against brute force techniques by enabling multi-factor authentication. 
All accounts that can be replace with single sign-on can benefit from a unified multi-factor authentication requirement.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may protect against brute force techniques by enabling multi-factor authentication. All accounts that can be replace with single sign-on can benefit from a unified multi-factor authentication requirement.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS Single Sign-On", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://aws.amazon.com/cloudhsm/", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This service provides a more secure alternative to storing encryption keys in the file system. 
As a result of this service only supporting cryptographic keys and not other types of credentials, the coverage score is assessed as Partial resulting in an overall Partial score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This service allows for securely storing encryption keys and enforcing fine-grained access to the keys. The service does not allow anyone access to retrieve plaintext keys from the service.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1552"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://aws.amazon.com/cloudhsm/", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Certificate credentials can be stored in AWS CloudHSM which reduces the attack surface and threat from these sub-techniques.", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "Certificate credentials can be stored in AWS CloudHSM which reduces the attack surface and threat from these 
sub-techniques.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://aws.amazon.com/cloudhsm/", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html", "https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Use cases in documentation show that certificate credentials can be stored in AWS CloudHSM which reduces the attack surface and threat from these sub-techniques.", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "Use cases in documentation show that certificate credentials can be stored in AWS CloudHSM which reduces the attack surface and threat from these sub-techniques.", "attack-object-id": "T1553.002", "attack-object-name": "Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "AWS CloudHSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1553"}]} diff --git a/src/mappings_explorer/cli/parsed_mappings/security_stack/Azure/parsed_Azure.json b/src/mappings_explorer/cli/parsed_mappings/security_stack/Azure/parsed_Azure.json index e18257f1..c55a9239 100644 
--- a/src/mappings_explorer/cli/parsed_mappings/security_stack/Azure/parsed_Azure.json
+++ b/src/mappings_explorer/cli/parsed_mappings/security_stack/Azure/parsed_Azure.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": 1, "attack-version": 8.2, "technology-domain": "enterprise", "author": "", "contact": "ctid@mitre-engenuity.org", "creation-date": "03/4/2021", "last-update": "", "organization": "", "mapping-framework": "Azure", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", 
"score-value": "Partial", "related-score": ""}, {"comments": "This control provides risk detections that can be used to detect suspicious uses of valid accounts, e.g.: Anonymous IP address, Atypical travel, Malware linked IP address, Unfamiliar sign-in properties, etc. Microsoft utilizes machine learning and heuristic systems to reduce the false positive rate but there will be false positives.\nThe temporal factor of this control's detection is low because although there are some real-time detections most are offline detections (multi-day).", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Response Type: Eradication\nSupports blocking and resetting the user's credentials based on the detection of a risky user/sign-in manually and also supports automation via its user and sign-in risk policies.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1078"}, {"comments": "When Azure Active Directory (AAD) Federation is configured for a tenant, an adversary that compromises a domain credential can use it to access (Azure) cloud resources. Identity Protection supports applying its risk detections (e.g.: Anonymous IP address, Atypical travel, Malware linked IP address, Unfamiliar sign-in properties, etc.) to federated identities thereby providing detection mitigation for this risk. 
Because this detection is specific to an adversary utilizing valid domain credentials to access cloud resources and does not mitigate the usage of valid domain credentials to access on-premise resources, this detection has been scored as Partial.\n\nThe temporal factor of this control's detection is low because although there are some real-time detections most are offline detections (multi-day).", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Response Type: Containment\nSupports risk detection responses such as blocking a user's access and enforcing MFA. These responses contain the impact of this sub-technique but do not eradicate it (by forcing a password reset).", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": ""}, {"comments": "This control supports detecting risky sign-ins and users that involve federated users and therefore can potentially alert on this activity. 
Not all alert types for this control support federated accounts therefore the detection coverage for this technique is partial.", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1606"}, {"comments": "Response Type: Eradication\nSupports blocking and resetting the user's credentials based on the detection of a risky user/sign-in manually and also supports automation via its user and sign-in risk policies.", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1606"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": 
["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "This control specifically provides detection of Password Spray attacks for Azure Active Directory accounts. Microsoft documentation states that this detection is based on a machine learning algorithm that has been improved with the latest improvement yielding a 100 percent increase in recall and 98 percent precision. The temporal factor for this detection is Partial as its detection is described as offline (i.e. 
detections may not show up in reporting for two to twenty-four hours).", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "Response Type: Eradication\nSupports blocking and resetting the user's credentials based on the detection of a risky user/sign-in (such as Password Spray attack) manually and also supports automation via its user and sign-in risk policies.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect suspicious activity from existing Windows accounts and logons from suspicious IP addresses. The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. 
[seen multiple times]\".", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control may detect suspicious activity from existing Windows accounts and logons from suspicious IP addresses. The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. [seen multiple times]\".", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect suspicious usage of PowerShell and the Windows command line. These detections include usage of suspicious arguments, dynamic script construction, and shellcode on the commandline. 
The following alerts may be generated: \"Detected anomalous mix of upper and lower case characters in command-line\", \"Detected encoded executable in command line data\", \"Detected obfuscated command line\", \"Detected suspicious combination of HTA and PowerShell\", \"Detected suspicious commandline arguments\", \"Detected suspicious commandline used to start all executables in a directory\", \"Detected suspicious credentials in commandline\", \"Dynamic PS script construction\", \"Suspicious PowerShell Activity Detected\", \"Suspicious PowerShell cmdlets executed\", \"Suspicious command execution\".", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "This control may detect suspicious usage of PowerShell and the Windows command line. These detections include usage of suspicious arguments, dynamic script construction, and shellcode on the commandline. 
The following alerts may be generated: \"Detected anomalous mix of upper and lower case characters in command-line\", \"Detected encoded executable in command line data\", \"Detected obfuscated command line\", \"Detected suspicious combination of HTA and PowerShell\", \"Detected suspicious commandline arguments\", \"Detected suspicious commandline used to start all executables in a directory\", \"Detected suspicious credentials in commandline\", \"Dynamic PS script construction\", \"Suspicious PowerShell Activity Detected\", \"Suspicious PowerShell cmdlets executed\", \"Suspicious command execution\".", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect the usage of a malware dropper and other indicators of a malicious file being executed by the user. 
The following alerts may be generated: \"Detected possible execution of keygen executable\", \"Detected possible execution of malware dropper\", \"Detected suspicious file creation\".", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1204"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when the Registry is leveraged to gain persistence. 
The following alerts may be generated: \"Windows registry persistence method detected\".", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when an account is created with an account name that closely resembles a standard Windows account or group name. This may be an account created by an attacker to blend into the environment. 
The following alerts may be generated: \"Suspicious Account Creation Detected\".", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when the tscon.exe binary is installed as a service to exploit RDP sessions or when a rare service group is executed under SVCHOST. 
The following alerts may be generated: \"Suspect service installation\".", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1543"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when a suspicious screensaver process is executed, based on the location of the .scr file. Because this detection is based solely on the location of the file, it has been scored as Partial. The following alerts may be generated: \"Suspicious Screensaver process executed\".", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect when the binary for the sticky keys utility has been replaced, possibly to gain persistence or execution. 
The following alerts may be generated: \"Sticky keys attack detected\".", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when User Account Control is bypassed by manipulating the Windows registry. There may be other methods to Bypass User Account Control which limits the score to Minimal. 
The following alerts may be generated: \"Detected change to a registry key that can be abused to bypass UAC\"", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. 
The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. 
The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. 
The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. 
The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", 
"references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts 
for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": 
["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect the usage of cacls.exe to modify file and directory permissions. The following alerts may be generated: \"Detected suspicious use of Cacls to lower the security state of the system\".", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1222"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect usage of the WindowPosition Registry value to hide application windows in non-visible sections of the desktop. 
The following alerts may be generated: \"Suspicious WindowPosition registry value detected\".", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1564"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect modification of the Windows firewall through use of netsh.exe or using a method that matches a known threat actor. The following alerts may be generated: \"Malicious firewall rule created by ZINC server implant [seen multiple times]\", \"Detected suspicious new firewall rule\".", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "This control may detect when critical services have been disabled, such as Windows Security Center. This control may also detect when IIS logging has been disabled. 
The following alerts may be generated: \"Detected the disabling of critical services\", \"Detected actions indicative of disabling and deleting IIS log files\".", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect suspicious file cleanup commands and shadow copy deletion activity. The following alerts may be generated: \"Detected suspicious file cleanup commands\", \"Suspicious Volume Shadow Copy Activity\".", "attack-object-id": "T1070.004", "attack-object-name": "File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1070"}, {"comments": "This control may detect when an event log has been cleared or IIS logs have been deleted. 
The following alerts may be generated: \"Detected actions indicative of disabling and deleting IIS log files\", \"An event log was cleared\".", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1070"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect suspicious usage of Mshta to execute PowerShell and suspicious Rundll32 execution. The following alerts may be generated: \"Detected suspicious execution via rundll32.exe\", \"Detected suspicious combination of HTA and PowerShell\".", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1218"}, {"comments": "This control may detect suspicious usage of Mshta to execute PowerShell and suspicious Rundll32 execution. The following alerts may be generated: \"Detected suspicious execution via rundll32.exe\", \"Detected suspicious combination of HTA and PowerShell\".", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1218"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect successful and failed brute force attempts with logic that factors the IP, time between attempts, and other suspicious activity. 
The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. [seen multiple times]\", \"Successful brute force attack\", \"Suspicious authentication activity\".", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may detect successful and failed brute force attempts with logic that factors the IP, time between attempts, and other suspicious activity. The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. [seen multiple times]\", \"Successful brute force attack\", \"Suspicious authentication activity\".", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may detect successful and failed brute force attempts with logic that factors the IP, time between attempts, and other suspicious activity. The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. 
[seen multiple times]\", \"Successful brute force attack\", \"Suspicious authentication activity\".", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when the registry is modified to allow logon credentials to be stored in clear text in LSA memory. This change allows a threat actor to gain plain text credentials from the host machine. 
The following alerts may be generated: \"Detected enabling of the WDigest UseLogonCredential registry key\".", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect commandline parameters consistent with a Kerberos Golden Ticket attack. 
The following alerts may be generated: \"Suspected Kerberos Golden Ticket attack parameters observed\".", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect when the local administrators group is enumerated or when mulitiple domain accounts are queried. The following alerts may be generated: \"Multiple Domain Accounts Queried\", \"Local Administrators group members were enumerated\".", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "This control may detect when the local administrators group is enumerated or when mulitiple domain accounts are queried. 
The following alerts may be generated: \"Multiple Domain Accounts Queried\", \"Local Administrators group members were enumerated\".", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect RDP hijacking through use of the tscon.exe binary. 
The following alerts may be generated: \"Suspect integrity level indicative of RDP hijacking\", \"Suspect service installation\".", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1563"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect suspicious use of the Telegram tool for transferring malicious binaries across hosts. 
The following alerts may be generated: \"Detected potentially suspicious use of Telegram tool\".", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1048"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Authentication to Linux machines should require SSH keys\" can obviate SSH Brute Force password attacks. Because this is specific to Linux, the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "This control's \"Authentication to Linux machines should require SSH keys\" can obviate SSH Brute Force password attacks. 
Because this is specific to Linux, the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "This control's \"Authentication to Linux machines should require SSH keys\" can obviate SSH Brute Force password attacks. Because this is specific to Linux, the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Secure Boot should be enabled on your Linux virtual machine\" and \"Virtual machines should be attested for boot integrity health\" recommendations can lead to enabling secure boot on Linux VMs to mitigate these sub-techniques. Because this recommendation is specific to Linux VM and is a recommendation, its score is capped at Partial.", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "This control's \"Secure Boot should be enabled on your Linux virtual machine\" and \"Virtual machines should be attested for boot integrity health\" recommendations can lead to enabling secure boot on Linux VMs to mitigate these sub-techniques. 
Because this recommendation is specific to Linux VM and is a recommendation, its score is capped at Partial.", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Container CPU and memory limits should be enforced\" recommendation can lead to preventing resource exhaustion attacks by recommending enforcing limits for containers to ensure the runtime prevents the container from using more than the configured resource limit. 
Because this is a recommendation, its score is capped at Partial.", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing modification of a Kubernetes container's file system which can mitigate this technique. Because this recommendation is specific to Kubernetes containers, its score is Minimal.", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing system files from being modified in Kubernetes containers thereby mitigating this sub-technique since adding an account (on Linux) requires modifying system files. Because this is a recommendation, its score is capped at Partial.", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the addition or modification of systemd service files in Kubernetes containers thereby mitigating this sub-technique. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1543"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the addition or modification of the file system in Kubernetes containers thereby mitigating this sub-technique. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1546"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing modifications to the file system in Kubernetes containers which can mitigate adversaries installing web shells. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1505"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the modification of the file system permissions in Kubernetes containers thereby mitigating this sub-technique. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1222"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing these sub-techniques which result in changes to the file system directly or indirectly during their execution. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1564.001", "attack-object-name": "Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1564"}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing these sub-techniques which result in changes to the file system directly or indirectly during their execution. 
Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1564.005", "attack-object-name": "Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1564"}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing these sub-techniques which result in changes to the file system directly or indirectly during their execution. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1564"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the addition or modification of config files in Kubernetes containers required to implement the behaviors described in these sub-techniques. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the addition or modification of config files in Kubernetes containers required to implement the behaviors described in these sub-techniques. 
Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing this sub-technique which often modifies Pluggable Authentication Modules (PAM) components in the file system. 
Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1556"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to mitigating this sub-technique by preventing modification of the local filesystem. Due to it being a recommendation, its score is capped at Partial.", "attack-object-id": "T1074.001", "attack-object-name": "Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1074"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to mitigating this sub-technique by preventing modification of the local filesystem. \n\nLikewise this control's recommendations related to using customer-managed keys to encrypt data at rest and enabling transparent data encryption for SQL databases can mitigate this sub-technique by reducing an adversary's ability to perform tailored data modifications.\n\nDue to it being a recommendation, its score is capped at Partial.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1565"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). 
Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Deprecated accounts should be removed from your subscription\" and \"Deprecated accounts with owner permissions should be removed from your subscription\" recommendation can lead to removing accounts that should not be utilized from your subscriptions thereby denying adversaries the usage of these accounts to find ways to access your data without being noticed. 
\nLikewise, the recommendations related to External account permissions can also mitigate this sub-technique.\nBecause these are recommendations and only limited to deprecated and external accounts, this is scored as Minimal.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", 
"https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may generate alerts based on unfamiliar or suspicious IP addresses, TOR exit node, and anonymous access. 
", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1080", 
"attack-object-name": "Taint Shared Content", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], 
"mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on suspicious commandline activity. Alerts may be generated on possible detection of shellcode usage on the commandline, based on arguments, location, user, etc.", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1059"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on addition of new SSH keys to the 
authorized key file and unusual process access of the authorized key file.", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on a suspicious shared object file being loaded as a kernel module. 
No documentation is provided on the logic but kernel module loading is a relatively rare event and can only be done with a small set of commands.", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on usage of the useradd command to create new users and the creation of local user accounts with suspicious similarity to other account names.", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd 
alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on usage of web shells. No documentation is provided on logic for this detection.", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1505"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on the execution of hidden files. 
Since this control is only triggered on execution, it may not fire on a variety of hidden files or directories that are being utilized for malicious purposes.", "attack-object-id": "T1564.001", "attack-object-name": "Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1564"}, {"comments": "This control may alert on containers using privileged commands, running SSH servers, or running mining software.", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1564"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on manipulation of the on-host firewall. 
Firewall rules should not be changed often in a standard environment and such an event can provide a high fidelity alert.", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "This control may alert on activity which disables auditd logging on Linux endpoints. The auditd package may not be the only logging system being utilized and this control may not alert on activity that disables other logging software.", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may alert on possible log tampering activity, including deletion of logs. 
No documentation is provided on which log sources are targeted by this control.", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1070"}, {"comments": "This control may alert on clearing of the command history file. Documentation is not provided on the logic for detecting when the command history is cleared but on Linux machines the location of the history file tends not to change from the default.", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1070"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on suspicious compilation. 
No documentation is provided on the logic for determining a suspicious compilation event.", "attack-object-id": "T1027.004", "attack-object-name": "Compile After Delivery", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1027"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may alert on multiple successful and failed brute force attempts against SSH. There are no alerts for other methods of logging into Linux machines.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control may alert on multiple successful and failed brute force attempts against SSH. 
There are no alerts for other methods of logging into Linux machines.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control may alert on multiple successful and failed brute force attempts against SSH. There are no alerts for other methods of logging into Linux machines.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may alert on suspicious access to encrypted user passwords. 
The documentation does not reference \"/etc/passwd\" and \"/etc/shadow\" directly nor does it describe the logic in determining suspicious access.", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1003"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alerts on SSH brute force attempts, addition of new SSH keys, and usage of a SSH server within a container. 
Alerts may not be generated by usage of existing SSH keys by malicious actors for lateral movement.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following alerts are available for Windows Defender security features being disabled but none for third party security tools: \"Antimalware broad files exclusion in your virtual machine\", \"Antimalware disabled and code execution in your virtual machine\", \"Antimalware disabled in your virtual machine\", \"Antimalware file exclusion and code execution in your virtual machine\", \"Antimalware file exclusion in your virtual machine\", \"Antimalware real-time protection was disabled in your virtual machine\", \"Antimalware real-time protection was disabled temporarily in your virtual machine\", \"Antimalware real-time protection was disabled temporarily while code was executed in your virtual machine\", \"Antimalware temporarily disabled in your virtual machine\", \"Antimalware unusual file exclusion in your virtual machine\".", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": 
["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on Permission Groups Discovery of Cloud Groups activity generated by specific toolkits, such as MicroBurst, PowerZure, etc. It may not generate alerts on undocumented discovery techniques or exploitation toolkits. 
The following alerts may be generated: \"MicroBurst exploitation toolkit used to enumerate resources in your subscriptions\", \"Azurite toolkit run detected\".", "attack-object-id": "T1069.003", "attack-object-name": "Cloud Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1069"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on Account Discovery of Cloud Accounts activity generated by specific toolkits, such as MicroBurst, PowerZure, etc. It may not generate alerts on undocumented discovery techniques or exploitation toolkits. 
The following alerts may be generated: \"PowerZure exploitation toolkit used to enumerate storage containers, shares, and tables\", \"PowerZure exploitation toolkit used to enumerate resources\", \"MicroBurst exploitation toolkit used to enumerate resources in your subscriptions\", \"Azurite toolkit run detected\".", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. 
One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Can limit access to client management interfaces or configuration databases", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "Can limit access to client management interfaces or configuration databases", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to restrict clients to connecting (and therefore booting) from only trusted network resources.", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control can reduce the protocols available for data exfiltration. Temporal immediate, coverage substantial.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1048"}, {"comments": "This control can reduce the protocols available for data exfiltration. Temporal immediate, coverage substantial.", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1048"}, {"comments": "This control can reduce the protocols available for data exfiltration. 
Temporal immediate, coverage substantial.", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1048"}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. 
This results in an overall partial (coverage) score.", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. 
This results in an overall partial (coverage) score.", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. 
One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. 
One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "Note: one can employ Application 
Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, 
{"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to implement whitelist based network rules that can mitigate variations of this sub-techniques that result in opening closed ports for communication. Because this control is able to drop traffic before reaching a compromised host, it can effectively mitigate this port knocking sub-technique.", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1205"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Rare processes run by Service accounts\" query can identify potential misuse of default accounts. Because this detection is specific to rare processes its coverage score is Minimal resulting in a Minimal score.", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "The following Azure Sentinel Hunting queries can identify potential compromise of domain accounts based on access attempts and/or account usage: \"Suspicious Windows Login outside normal hours\", \"User account added or removed from security group by an unauthorized user\", \"User Account added to Built in Domain Local or Global Group\", \"User Login IP Address Teleportation\", \"User made Owner of multiple teams\", \"Tracking Privileged Account Rare Activity\", \"New Admin account activity which was not seen historically\", \"New client running queries\", \"New users running queries\", \"Non-owner mailbox login activity\", \"Powershell or non-browser mailbox login activity\", \"Rare User Agent strings\", \"Same IP address with multiple csUserAgent\" which may indicate that an account is being used from a new device, \"Rare domains seen in Cloud Logs\" when 
accounts from uncommon domains access or attempt to access cloud resources, \"Same User - Successful logon for a given App and failure on another App within 1m and low distribution\", \"Hosts with new logons\", \"Inactive or new account signins\", \"Long lookback User Account Created and Deleted within 10mins\", \"Anomalous Geo Location Logon\", and \"Anomalous Sign-in Activity\".\nThe following Azure Sentinel Analytics queries can identify potential compromise of domain accounts based on access attempts and/or account usage: \"Anomalous User Agent connection attempt\", \"New UserAgent observed in last 24 hours\" which may indicate that an account is being used from a new device, \"Anomalous sign-in location by user account and authenticating application\", \"Anomalous login followed by Teams action\", \"GitHub Signin Burst from Multiple Locations\", \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", \"Failed Host logons but success logon to AzureAD\", and \"Anomalous RDP Login Detections\".", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The following Azure Sentinel Hunting queries can identify potential compromise of local accounts based on access attempts and/or account usage: \"Suspicious Windows Login outside normal hours\", \"User Login IP Address Teleportation\", \"User account added or removed from a security group by an unauthorized user\", \"User Account added to Built in Domain Local or Global Group\", \"User added to SQL Server SecurityAdmin Group\", \"User Role altered on SQL Server\", \"User made Owner of multiple teams\", \"Tracking Privileged Account Rare Activity\", and \"Anomalous Login to Devices\".\nThe following Azure Sentinel Analytics queries can identify potential compromise of 
local accounts based on access attempts and/or account usage: \"User account enabled and disabled within 10 mins\", \"Long lookback User Account Created and Deleted within 10mins\", \"Explicit MFA Deny\", \"Hosts with new logons\", \"Inactive or new account signins\", \"Anomalous SSH Login Detection\", and \"Anomalous RDP Login Detections\".", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The following Azure Sentinel Hunting queries can identify potential compromise of cloud accounts: \"New Admin account activity which was not seen historically\", \"New client running queries\", \"New users running queries\", \"User returning more data than daily average\", \"User Login IP Address Teleportation\", \"Non-owner mailbox login activity\", \"Powershell or non-browser mailbox login activity\", \"Rare User Agent strings\" and \"Same IP address with multiple csUserAgent\" which may indicate that an account is being used from a new device, \"Rare domains seen in Cloud Logs\", \"Same User - Successful logon for a given App and failure on another App within 1m and low distribution\", \"Anomalous Azure Active Directory Apps based on authentication location\", \"Anomalous Geo Location Logon\", \"Anomalous Sign-in Activity\", \"Azure Active Directory sign-in burst from multiple locations\", and \"Azure Active Directory signins from new locations\".\n\nThe following Azure Sentinel Analytics queries can identify potential compromise of cloud accounts: \"Anomalous User Agent connection attempt\" and \"New UserAgent observed in last 24 hours\", which may indicate that an account is being used from a new device which may belong to an adversary; \"Anomalous sign-in location by user account and authenticating application\", \"GitHub Signin 
Burst from Multiple Locations\", \"GitHub Activites from a New Country\", and \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", which may indicate adversary access from atypical locations; \"Azure Active Directory PowerShell accessing non-AAD resources\", \"Anomalous login followed by Teams action\", \"Login to AWS management console without MFA\", and \"Azure Active Directory PowerShell accessing non-AAD resources\" which may indicate an adversary attempting to use a valid account to access resources from other contexts. The \"Correlate Unfamiliar sign-in properties\" query can further enhance detection of anomalous activity.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious changes to Azure DevOps project resources: \"Azure DevOps - Project Visibility changed to public\" can identify a specific action that may be an indicator of an attacker modifying the cloud compute infrastructure. \"Azure DevOps - Public project created\" and \"Azure DevOps - Public project enabled by admin\" can identify specific instances of potential defense evasion.\nThe following Azure Sentinel Analytics queries can identify potentially malicious changes to Azure DevOps project resources: \"AzureDevops Service Connection Abuse\" can detect potential malicious behavior associated with use of large number of service connections, \"External Upstream Source added to Azure DevOps\" identifies a specific behavior that could compromise the DevOps build pipeline, \"Azure DevOps Pull Request Policy Bypassing - History\" can identify specific potentially malicious behavior that compromises the build process, \"Azure DevOps Pipeline modified by a New User\" identifies potentially malicious activity that could compromise the DevOps pipeline, \"Azure DevOps Administrator Group Monitoring\" monitors for specific activity which could compromise the build/release process, \"New Agent Added to Pool by New User or a New OS\" can detect a suspicious behavior that could potentially compromise DevOps pipeline.", 
"attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1195"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The \"Summary of user logons by logon type\" Azure Sentinel Hunting query compares successful and unsuccessful logon attempts to identify potential lateral movement.\nThe following Azure Sentinel Hunting queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"VIP account more than 6 failed logons in 10\", \"Multiple Failed Logon on SQL Server in Short time Span\", \"Permutations on logon attempts by UserPrincipalNames indicating potential brute force\", \"Potential IIS brute force\", \"Failed attempt to access Azure Portal\", 
\"Failed Login Attempt by Expired account\", \"Failed Logon Attempts on SQL Server\", \"Failed Logon on SQL Server from Same IPAddress in Short time Span\", \"Failed service logon attempt by user account with available AuditData\", \"Login attempt by Blocked MFA user\", \"Login spike with increase failure rate\", \"Attempts to sign-in to disabled accounts by IP address\", \"Attempts to sign-in to disabled accounts by account name\", \"Brute Force attack against Azure Portal\", and \"Anomalous Failed Logon\"\nThe following Azure Sentinel Analytics queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"Brute force attack against Azure Portal\", \"Password spray attack against Azure AD application\", \"Successful logon from IP and failure from a different IP\", \"Failed logon attempts in authpriv\", \"Failed AzureAD logons but success logon to host\", \"Excessive Windows logon failures\", \"Failed login attempts to Azure Portal\", \"Failed logon attempts by valid accounts within 10 mins\", \"Brute Force Attack against GitHub Account\", \"Distributed Password cracking attempts in AzureAD\", \"Potential Password Spray Attack\" based on periodic assessment of Azure Active Directory sign-in events and Okta console logins, \"Attempts to sign in to disabled accounts\", \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", \"High count of failed logins by a user\", \"Hi count of failed attempts same client IP\", \"SSH - Potential Brute Force\", and \"SecurityEvent - Multiple authentication failures followed by success\".", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "The \"Summary of user logons by logon type\" Azure Sentinel Hunting query compares successful and 
unsuccessful logon attempts to identify potential lateral movement.\nThe following Azure Sentinel Hunting queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"VIP account more than 6 failed logons in 10\", \"Multiple Failed Logon on SQL Server in Short time Span\", \"Permutations on logon attempts by UserPrincipalNames indicating potential brute force\", \"Potential IIS brute force\", \"Failed attempt to access Azure Portal\", \"Failed Login Attempt by Expired account\", \"Failed Logon Attempts on SQL Server\", \"Failed Logon on SQL Server from Same IPAddress in Short time Span\", \"Failed service logon attempt by user account with available AuditData\", \"Login attempt by Blocked MFA user\", \"Login spike with increase failure rate\", \"Attempts to sign-in to disabled accounts by IP address\", \"Attempts to sign-in to disabled accounts by account name\", \"Brute Force attack against Azure Portal\", and \"Anomalous Failed Logon\"\nThe following Azure Sentinel Analytics queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"Brute force attack against Azure Portal\", \"Password spray attack against Azure AD application\", \"Successful logon from IP and failure from a different IP\", \"Failed logon attempts in authpriv\", \"Failed AzureAD logons but success logon to host\", \"Excessive Windows logon failures\", \"Failed login attempts to Azure Portal\", \"Failed logon attempts by valid accounts within 10 mins\", \"Brute Force Attack against GitHub Account\", \"Distributed Password cracking attempts in AzureAD\", \"Potential Password Spray Attack\" based on periodic assessment of Azure Active Directory sign-in events and Okta console logins, \"Attempts to sign in to disabled accounts\", \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", \"High count of failed logins by a user\", \"Hi count of failed attempts same client IP\", \"SSH - Potential Brute Force\", and 
\"SecurityEvent - Multiple authentication failures followed by success\".", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "The \"Summary of user logons by logon type\" Azure Sentinel Hunting query compares successful and unsuccessful logon attempts to identify potential lateral movement.\nThe following Azure Sentinel Hunting queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"VIP account more than 6 failed logons in 10\", \"Multiple Failed Logon on SQL Server in Short time Span\", \"Permutations on logon attempts by UserPrincipalNames indicating potential brute force\", \"Potential IIS brute force\", \"Failed attempt to access Azure Portal\", \"Failed Login Attempt by Expired account\", \"Failed Logon Attempts on SQL Server\", \"Failed Logon on SQL Server from Same IPAddress in Short time Span\", \"Failed service logon attempt by user account with available AuditData\", \"Login attempt by Blocked MFA user\", \"Login spike with increase failure rate\", \"Attempts to sign-in to disabled accounts by IP address\", \"Attempts to sign-in to disabled accounts by account name\", \"Brute Force attack against Azure Portal\", and \"Anomalous Failed Logon\"\nThe following Azure Sentinel Analytics queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"Brute force attack against Azure Portal\", \"Password spray attack against Azure AD application\", \"Successful logon from IP and failure from a different IP\", \"Failed logon attempts in authpriv\", \"Failed AzureAD logons but success logon to host\", \"Excessive Windows logon failures\", \"Failed login attempts to Azure Portal\", \"Failed logon attempts by valid accounts within 10 mins\", 
\"Brute Force Attack against GitHub Account\", \"Distributed Password cracking attempts in AzureAD\", \"Potential Password Spray Attack\" based on periodic assessment of Azure Active Directory sign-in events and Okta console logins, \"Attempts to sign in to disabled accounts\", \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", \"High count of failed logins by a user\", \"Hi count of failed attempts same client IP\", \"SSH - Potential Brute Force\", and \"SecurityEvent - Multiple authentication failures followed by success\".", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"First access credential added to Application or Service Principal where no credential was present\" query can identify potentially malicious changes to Service Principal credentials.\nThe Azure Sentinel Analytics \"Credential added after admin consented to Application\" and \"New access credential added to Application or Service Principal\" queries can identify potentially malicious manipulation of additional cloud credentials.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Analytics queries can identify potentially malicious use of web protocols: \"Powershell Empire cmdlets seen in command line\" can identify use of Empire, which can perform command and control over protocols like HTTP and HTTPS. \"Request for single resource on domain\" can identify patterns that suggest possible command and control beaconing. The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious use of DNS: \"RareDNSLookupWithDataTransfer\" [sic] can identify data transfer over DNS, though it is contingent on DNS traffic meeting the requirements to be considered rare. \"Abnormally Long DNS URI queries\" can identify suspicious DNS queries that may be indicative of command and control operations. 
\"DNS - domain anomalous lookup increase\", \"DNS Full Name anomalous lookup increase\", and \"DNS lookups for commonly abused TLDs\" can identify increases in domain lookups for a client IP and indicate malicious traffic or exfiltration of sensitive data.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which can use Dropbox and GitHub for data exfiltration. The Azure Sentinel Analytics \"SharePointFileOperation via previously unseen IPs\" can detect potential exfiltration activity via SharePoint. 
The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1567"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which can use Dropbox and GitHub for data exfiltration. The Azure Sentinel Analytics \"SharePointFileOperation via previously unseen IPs\" can detect potential exfiltration activity via SharePoint. The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1567"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"High count of connections by client IP on many ports\" query can identify client IP addresses with 30 or more active ports used within a ten minute window, checked at a default frequency of once per hour, which may indicate scanning. Note that false positives are probable based on changes in usage patterns and/or misconfiguration, and this detection only works if scanning is not spread out over a longer timespan.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Hunting queries can identify potential exfiltration: \"Abnormally long DNS URI queries\" can identify potential exfiltration via DNS. 
\"Multiple users email forwarded to same destination\" and \"Office Mail Forwarding - Hunting Version\" can detect potential exfiltration via email.\nThe Azure Sentinel Analytics \"Multiple users email forwarded to same destination\" query can detect potential exfiltration via email. The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1048"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Security Event Log Cleared\" query can detect clearing of the security event logs, though not necessarily clearing of any arbitrary Windows event logs.", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Azure Sentinel Hunting \"Windows System Time changed on hosts\" query can detect potential timestomping activities.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which can timestomp files and/or payloads on a target machine to help them blend in.", "attack-object-id": "T1070.006", "attack-object-name": "Timestomp", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which leverages PowerShell for the majority of its client-side agent tasks and can conduct PowerShell remoting. The coverage for these queries is minimal (specific to Empire) resulting in an overall Minimal score.", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Cscript script daily summary breakdown\" can detect potentially malicious scripting. The Azure Sentinel Hunting \"Hosts running a rare process with commandline\" query can identify uncommon command shell usage that may be malicious.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which has modules for executing Windows Command Shell scripts. 
The Azure Sentinel Analytics \"Base64 encoded Windows process command-lines\" query can identify Base64 encoded PE files being launched via the command line.", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Rare process running on a Linux host\" query can identify uncommon shell usage that may be malicious.", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Cscript script daily summary breakdown\" can detect potentially malicious scripting. The Azure Sentinel Hunting \"Hosts running a rare process with commandline\" query can identify uncommon command shell usage that may be malicious.", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Cscript script daily summary breakdown\" can detect potentially malicious scripting. 
The Azure Sentinel Hunting \"Hosts running a rare process with commandline\" query can identify uncommon command shell usage that may be malicious.", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Cscript script daily summary breakdown\" can detect potentially malicious scripting. The Azure Sentinel Hunting \"Hosts running a rare process with commandline\" query can identify uncommon command shell usage that may be malicious.", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious access to SharePoint: \"SharePointFileOperation via clientIP with previously unseen user agents\", \"SharePointFileOperation via devices with previously unseen user agents\", and \"SharePointFileOperation via previously unseen IPs\".\nThe Azure Sentinel Analytics \"SharePointFileOperation via devices with previously unseen user agents\" query can identify a high number of upload or download actions by an unknown and possible malicious actor.", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"New User created on SQL Server\" query can detect a specific type of potentially malicious local account creation.\nThe following Azure Sentinel Analytics queries can identify potentially malicious local account creation: \"Summary of users created using uncommon/undocumented commandline switches\" which can identify use of the net command to create user accounts, \"User created by unauthorized user\", \"User Granted Access and associated audit activity\" and \"User Granted Access and Grants others Access\" which may identify account creation followed by suspicious behavior, \"User account created and deleted within 10 mins\" which suggests an account may have existed only long enough to fulfill a malicious purpose, and \"Powershell Empire cmdlets seen in command line\" which can identify use of Empire, including for account creation.", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "The following 
Azure Sentinel Analytics queries can identify potentially malicious domain account creation: \"Summary of users created using uncommon/undocumented commandline switches\" which can identify use of the net command to create user accounts, \"User created by unauthorized user\", \"User Granted Access and associated audit activity\" and \"User Granted Access and Grants others Access\" which may identify account creation followed by suspicious behavior, \"User account created and deleted within 10 mins\" which suggests an account may have existed only long enough to fulfill a malicious purpose, and \"Powershell Empire cmdlets seen in command line\" which can identify use of Empire, including for account creation.", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "The Azure Sentinel Hunting queries can identify potentially malicious cloud account creation: \"External user added and removed in short timeframe\" and \"External user from a new organisation added\" can identify the addition of new external Teams user accounts.\nThe following Azure Sentinel Analytics queries can identify potentially malicious cloud account creation: \"User Granted Access and created resources\" which identifies a newly created user account gaining access and creating resources in Azure, and \"New Cloud Shell User\".", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of 
Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which has the ability to collect emails on a target system. The coverage for these queries is minimal (specific to Empire) resulting in an overall Minimal score.", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1114"}, {"comments": "The Azure Sentinel Hunting \"Suspect Mailbox Export on IIS/OWA\" query can identify potential malicious exfiltration hosting via IIS. The Azure Sentinel Hunting \"Host Exporting Mailbox and Removing Export\" query can identify potential exfiltration of data from Exchange servers. 
The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1114"}, {"comments": "The Azure Sentinel Hunting \"Mail redirect via ExO transport rule\" query can detect potentially malicious email redirection, but is limited to Exchange servers only.", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1114"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Web shell command alert enrichment\", \"Web shell Detection\", and \"Web shell file alert enrichment\" queries can identify potentially malicious activity via web shell.", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1505"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Analytics queries can detect potentially malicious usage of asymmetric cryptography channels: \"DNS events related to ToR proxies\" can identify potential use of Tor, though it provides only minimal coverage because it only covers a set of common domains and is easily bypassed via hardcoded IP addresses, redirection, etc. \"Powershell Empire cmdlets seen in command line\" can identify use of Empire, which can use TLS to encrypt a command and control channel.", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1573"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"DNS events related to ToR proxies\" query can identify potential use of Tor, though it provides only minimal coverage because it only covers a set of common domains and is easily bypassed via hardcoded IP addresses, redirection, etc.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1090"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious modifications to Sentinel resources: \"Azure Sentinel Analytics Rules Administrative Operations\", \"Azure Sentinel Connectors Administrative Operations\", and \"Azure Sentinel Workbooks Administrative Operations\".\nThe Azure Sentinel Analytics \"Starting or Stopping HealthService to Avoid Detection\" query can detect potentially malicious disabling of telemetry collection/detection.\nThe coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Azure Sentinel Analytics \"Audit policy manipulation using auditpol utility\" query can detect potentially malicious to modification and/or disabling of logging via the auditpol utility. 
The coverage for these queries is minimal (specific to Audit policy) resulting in an overall Minimal score.", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Azure Sentinel Hunting \"Azure Sentinel Analytics Rules Administrative Operations\" query can identify potential attempts to impair defenses by changing or deleting detection analytics.\nThe Azure Sentinel Analytics \"Azure DevOps - Retention Reduced to Zero\" query can identify that an adversary is looking to reduce their malicious activity's footprint by preventing retention of artifacts. Control is specific to indicators produced by Azure DevOps. The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious modifications to cloud firewall resources: \"Azure Network Security Group NSG Administrative Operations\" query can identify potential defensive evasion involving changing or disabling network access rules. 
\"Port opened for an Azure Resource\" may indicate an adversary increasing the accessibility of a resource for easier collection/exfiltration.\nThe Azure Sentinel Analytics \"Security Service Registry ACL Modification\" query can detect attempts to modify registry ACLs, potentially done to evade security solutions.", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The Azure Sentinel Analytics \"Exchange AuditLog disabled\" query can detect potentially malicious disabling of Exchange logs. The Azure Sentinel Analytics \"Azure DevOps Audit Stream Disabled\" query can identify disabling of Azure DevOps log streaming. The coverage for these queries is minimal (specific to these technologies) resulting in an overall Minimal score.", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Potential DGA detected\" query can detect clients with a high NXDomain count, which might indicate an adversary cycling through possible C2 domains where most C2s are not live.\nThe following Azure Sentinel Analytics queries can identify potential use of domain generation algorithms: \"Possible contact with a domain generated by a DGA\" and \"Potential DGA detected\" within DNS.", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1568"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Analytics queries can identify potentially malicious use of Outlook rules: \"Office policy tampering\", \"Malicious Inbox Rule\" which can detect rules intended to delete emails that contain certain keywords (generally meant to warn compromised users about adversary behaviors), and \"Mail redirect via ExO transport rule\" (potentially to an adversary mailbox configured to collect mail).", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1137"}, {"comments": "The Azure Sentinel Hunting \"Previously unseen bot or applicaiton added to Teams\" [sic] query can detect the addition of a potentially malicious add-in, but is specific to Microsoft Teams.", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1137"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd 
party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Azure Sentinel Analytics includes a \"Potential Kerberoasting\" query. Kerberoasting via Empire can also be detected using the Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query.", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect execution of these sub-techniques via Empire, but does not address other procedures.", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1558"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect execution of these sub-techniques via Empire, but does not address other procedures.", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": 
"Detect", "score-value": "Minimal", "related-score": "T1558"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"anomalous RDP Activity\" query can detect potential lateral\nmovement employing RDP.\n\nThe following Azure Sentinel Analytics queries can identify potentially malicious use\nof RDP:\n\"Anomalous RDP Login Detections\", \"Multiple RDP connections from Single Systems\",\n\"Rare RDP Connections\", and \"RDP Nesting\".", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "The Azure Sentinel Hunting \"Anomalous Resource Access\" query can identify potential lateral movement via use of valid accounts to access network shares (Windows Event 4624:3).", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can utilize Invoke-DCOM to leverage remote COM execution for lateral movement, but does not address other procedures.", "attack-object-id": 
"T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which contains modules for executing commands over SSH as well as in-memory VNC agent injection, but does not address other procedures. Azure Sentinel Analytics also provides a \"New internet-exposed SSH endpoints\" query.\nThe coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Azure DevOps - Variable Secret Not Secured\" query can identify credentials stored in the build process and protect against future credential access by suggesting that they be moved to a secret or stored in KeyVault before they can be accessed by an adversary.\nThe coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "The Azure Sentinel Hunting \"Query looking for secrets\" query can identify potentially malicious database requests for secrets like passwords or other credentials.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use various modules to search for files containing passwords, but does not address other procedures.\nThe coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Minimal", "related-score": "T1552"}, {"comments": "The Azure Sentinel Analytics \"ADFS DKM Master Key Export\" and \"ADFS Key Export (Sysmon)\" queries can detect potentially malicious access intended to decrypt access tokens. The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use modules to extract private key and session information, but does not address other procedures.\nThe coverage for these queries is minimal (specific to Empire, ADFS) resulting in an overall Minimal score.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Rare client observed with high reverse DNS lookup count\" query can detect if a particular IP is observed performing an unusually high number of reverse DNS lookups and has not been observed doing so previously.", "attack-object-id": "T1590.002", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which includes various modules to attempt to bypass UAC for privilege escalation, but does not address other procedures.", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can be used to make tokens via Invoke-RunAs and add a SID-History to a user if on a domain controller, but does not address other procedures.", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1134"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can be used to make tokens via Invoke-RunAs and add a SID-History to a user if on a domain controller, but does not address other procedures.", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1134"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were 
omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Enumeration of users and groups\" query can identify potentially malicious account discovery through the use of the net tool.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can acquire local and domain user account information, but does not address other procedures.", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1087"}, {"comments": "The Azure Sentinel Hunting \"Enumeration of users and groups\" query can identify potentially malicious account discovery through the use of the net tool.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can acquire local and domain user account information, but does not address other procedures.", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1087"}, {"comments": "The Azure Sentinel Analytics \"Mail.Read Permissions Granted to Application\" query can identify applications that may have been abused to gain access to mailboxes.", "attack-object-id": "T1087.003", "attack-object-name": "Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1087"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can enumerate SSPs, install malicious SSPs, persist by modifying .lnk files to include backdoors, and modify the registry run keys, but does not address other procedures.", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can enumerate SSPs, install malicious SSPs, persist by modifying .lnk files to include backdoors, and modify the registry run keys, but does not address other procedures.", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can enumerate SSPs, install malicious SSPs, persist by modifying .lnk 
files to include backdoors, and modify the registry run keys, but does not address other procedures.", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1217", "attack-object-name": "Browser Bookmark Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1115", "attack-object-name": "Clipboard Data", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can modify service binaries and restore them to their original states, but does not address other procedures.", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1543"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can extract passwords from common web browsers including Firefox and Chrome, but does not address other procedures.", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Web Browsers", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1555"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can modify group policy objects to install and execute malicious scheduled tasks, but does not address other procedures.", "attack-object-id": "T1484.001", "attack-object-name": "Group Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1484"}, {"comments": "The Azure Sentinel Analytics \"Modified Domain Federation Trust Settings\" query can detect potentially malicious changes to domain trust settings.", "attack-object-id": "T1484.002", "attack-object-name": "Domain Trust Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1484"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can leverage WMI debugging to remotely replace binaries like seth.exe, utilman.exe, and magnify.exe with cmd.exe, but does not address other procedures.", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1546"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can discover and exploit DLL hijacking opportunities, path interception opportunities in the PATH environment variable, search order hijacking vulnerabilities, and unquoted path vulnerabilities, but does not address other procedures.", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can discover and exploit DLL hijacking opportunities, path interception opportunities in the PATH environment variable, search order hijacking vulnerabilities, and unquoted path vulnerabilities, but does not address other procedures.", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire 
cmdlets seen in command line\" query can detect the use of Empire, which can discover and exploit DLL hijacking opportunities, path interception opportunities in the PATH environment variable, search order hijacking vulnerabilities, and unquoted path vulnerabilities, but does not address other procedures.", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can discover and exploit DLL hijacking opportunities, path interception opportunities in the PATH environment variable, search order hijacking vulnerabilities, and unquoted path vulnerabilities, but does not address other procedures.", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which includes keylogging capabilities for both Windows and Linux and contains modules that leverage API hooking to carry out tasks, but does not address other procedures.", "attack-object-id": "T1056.001", "attack-object-name": "Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1056"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which includes keylogging capabilities for both Windows and Linux and contains modules that leverage API hooking to carry out tasks, but does not address other procedures.", "attack-object-id": "T1056.004", "attack-object-name": "Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1056"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC 
information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use Inveigh to conduct name service poisoning for credential theft and associated relay attacks, but does not address other procedures.", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1557"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which contains an implementation of Mimikatz to gather credentials from memory, but does not address other procedures.", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Editing Linux scheduled tasks through Crontab\" query can detect potentially malicious modification of cron jobs.", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can interact with the Windows task scheduler, but does not address other procedures.", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information 
were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1518", "attack-object-name": "Software Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can enumerate antivirus software on the target, but does not address other procedures.", "attack-object-id": "T1518.001", "attack-object-name": "Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1518"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1016", "attack-object-name": "System Network Configuration Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use PsExec to execute a payload on a remote host, but does not address other procedures.", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1569"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use abuse trusted utilities including MSBuild.exe, but does not address other procedures.", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1127"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Azure DevOps - PAT used with Browser.\" query can identify potentially malicious usage of Personal Access Tokens intended for code or applications to be used through the web browser.", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1550"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can perform pass the hash attacks, but does not address other procedures.", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1550"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1125", "attack-object-name": "Video Capture", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use Dropbox and GitHub for command and control, but does not address other procedures.", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1102"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Malware in the recycle bin\" query can detect local hidden malware.", "attack-object-id": "T1074.001", "attack-object-name": "Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1074"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Exes with double file extension and access summary\" can identify malicious executable files that have been hidden as other file types.", "attack-object-id": "T1036.004", "attack-object-name": "Masquerade Task or Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1036"}, {"comments": "The Azure Sentinel Hunting \"Masquerading Files\" and \"Rare Process Path\" queries can detect an adversary attempting to make malicious activity blend in with legitimate commands and files. The Azure Sentinel Hunting \"Azure DevOps Display Name Changes\" query can detect potentially maliicous changes to the DevOps user display name.", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Enumeration of users and groups\" query can identify potentially malicious group discovery through the use of the net tool.", "attack-object-id": "T1069.002", "attack-object-name": "Domain Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1069"}, {"comments": "The Azure Sentinel Hunting \"Enumeration of users and groups\" query can identify potentially malicious group discovery through the use of the net tool.", "attack-object-id": "T1069.001", "attack-object-name": "Local Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1069"}, {"comments": "Most scores have been assessed as Partial because this control increases the strength of user passwords thereby reducing the likelihood of a successful brute force attack. 
But given sufficient resources, an adversary may still successfully execute the attack vectors included in this mapping.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts"], "tags": ["Azure Active Directory", "Credentials", "Identity", "Passwords"], "mapping-description": "", "capability-id": "Azure AD Password Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The password restrictions provided by the default Password policy along with the lockout threshold and duration settings is an effective protection against this Password Guessing sub-technique.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Password Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "The password restrictions provided by the default Password policy can provide partial protection against password cracking but a determined adversary with sufficient resources can still be successful with this attack vector.\nIn regards to Credential Stuffing, the password policy's lockout threshold can be partially effective in mitigating this sub-technique as it may lock the account before the correct credential is attempted. Although with credential stuffing, the number of passwords attempted for an account is often (much) fewer than with Password Guessing reducing the effectiveness of a lockout threshold. 
This led to its score being assessed as Partial rather than Significant (as was assessed for Password Guessing).", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Password Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "The password restrictions provided by the default Password policy can provide partial protection against password cracking but a determined adversary with sufficient resources can still be successful with this attack vector.\nIn regards to Credential Stuffing, the password policy's lockout threshold can be partially effective in mitigating this sub-technique as it may lock the account before the correct credential is attempted. Although with credential stuffing, the number of passwords attempted for an account is often (much) fewer than with Password Guessing reducing the effectiveness of a lockout threshold. 
This led to its score being assessed as Partial rather than Significant (as was assessed for Password Guessing).", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Password Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following alert of this control is able to detect domain account discovery: \"Account enumeration reconnaissance (external ID 2003)\". 
This shouldn't occur frequently and therefore the false positive rate should be minimal.\nThe \"Security principal reconnaissance (LDAP) (external ID 2038)\" alert is also relevant and its machine learning capabilities should reduce the false positive rate.\nThe \"User and IP address reconnaissance (SMB) (external ID 2012)\" alert can also provide a detection on a variation of this sub-technique.", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1087"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": 
"technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Security principal reconnaissance (LDAP) (external ID 2038)\" alert can be used to detect when an adversary \"perform suspicious LDAP enumeration queries or queries targeted to sensitive groups that use methods not previously observed.\" This alert employs machine learning which should reduce the number of false positives.\nAdditionally, this control's \"User and Group membership reconnaissance (SAMR) (external ID 2021)\" alert can detect this sub-technique and also employs machine learning which should reduce the false-positive rate.", "attack-object-id": "T1069.002", "attack-object-name": "Domain Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1069"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of 
Remote Services", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Suspected identity theft (pass-the-hash) (external ID 2017)\" alert specifically looks for pass-the-hash attacks but there is not enough information to determine its effectiveness and therefore a conservative assessment of a Partial score is assigned.\nThis control's \"Suspected identity theft (pass-the-ticket) (external ID 2018)\" alert specifically looks for pass-the-ticket attacks but there is not enough information to determine its effectiveness and therefore a conservative assessment of a Partial score is assigned.", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1550"}, {"comments": "This control's \"Suspected identity theft 
(pass-the-hash) (external ID 2017)\" alert specifically looks for pass-the-hash attacks but there is not enough information to determine its effectiveness and therefore a conservative assessment of a Partial score is assigned.\nThis control's \"Suspected identity theft (pass-the-ticket) (external ID 2018)\" alert specifically looks for pass-the-ticket attacks but there is not enough information to determine its effectiveness and therefore a conservative assessment of a Partial score is assigned.", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1550"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspected NTLM relay attack (Exchange account) (external ID 2037)\" alert can detect NTLM relay attack specific to the Exchange service. 
Because this detection is limited to this variation of the sub-technique, its coverage score is Minimal resulting in an overall Minimal score.", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1557"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Suspected Brute Force attack (Kerberos, NTLM) (external ID 2023)\" alert can detect these brute force sub-techniques. 
It incorporates a machine learning feature that should reduce the number of false positives.\nSimilarly, its \"Suspected Brute Force attack (LDAP) (external ID 2004)\" alert can detect brute force attacks using LDAP simple binds.\nThe \"Suspected Brute Force attack (SMB) (external ID 2033)\" alert is also relevant but the details are sparse.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control's \"Suspected Brute Force attack (Kerberos, NTLM) (external ID 2023)\" alert can detect these brute force sub-techniques. It incorporates a machine learning feature that should reduce the number of false positives.\nSimilarly, its \"Suspected Brute Force attack (LDAP) (external ID 2004)\" alert can detect brute force attacks using LDAP simple binds.\nThe \"Suspected Brute Force attack (SMB) (external ID 2033)\" alert is also relevant but the details are sparse.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", 
"capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Suspected Kerberos SPN exposure (external ID 2410)\" alert is able to detect when an attacker use tools to enumerate service accounts and their respective SPNs (Service principal names), request a Kerberos service ticket for the services, capture the Ticket Granting Service (TGS) tickets from memory and extract their hashes, and save them for later use in an offline brute force attack. \nSimilarly its \"Suspected AS-REP Roasting attack (external ID 2412)\" alert is able to detect AS-REP Roasting sub-technique.\nThe accuracy of these alerts is unknown and therefore its score has been assessed as Partial.", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control's \"Suspected Kerberos SPN exposure (external ID 2410)\" alert is able to detect when an attacker use tools to enumerate service accounts and their respective SPNs (Service principal names), request a Kerberos service ticket for the services, capture the Ticket Granting Service (TGS) tickets from memory and extract their hashes, and save them for later use in an offline brute force attack. 
\nSimilarly its \"Suspected AS-REP Roasting attack (external ID 2412)\" alert is able to detect AS-REP Roasting sub-technique.\nThe accuracy of these alerts is unknown and therefore its score has been assessed as Partial.", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control has numerous alerts that can detect Golden Ticket attacks from multiple perspectives. The accuracy of these alerts is unknown resulting in a partial score.", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1555", 
"attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Malicious request of Data Protection API master key (external ID 2020)\" alert can be used to detect when an attacker attempts to utilize the Data Protection API (DPAPI) to decrypt sensitive data using the backup of the master key stored on domain controllers. DPAPI is used by Windows to securely protect passwords saved by browsers, encrypted files, and other sensitive data. This alert is specific to using DPAPI to retrieve the master backup key and therefore provides minimal coverage resulting in a Minimal score.", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Web Browsers", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1555"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": 
"Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Remote code execution attempt (external ID 2019)\" alert can detect Remote code execution via Powershell. This may lead to false positives as administrative workstations, IT team members, and service accounts can all perform legitimate administrative tasks against domain controllers. 
Additionally, this alert seems to be specific to detecting execution on domain controllers and AD FS servers, limiting its coverage.", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Remote code execution attempt (external ID 2019)\" alert can detect Remote code execution via Psexec. This may lead to false positives as administrative workstations, IT team members, and service accounts can all perform legitimate administrative tasks against domain controllers. 
Additionally, this alert seems to be specific to detecting execution on domain controllers and AD FS servers, limiting its coverage.\nThis control's \"Data exfiltration over SMB (external ID 2030)\" alert may also be able to detect exfiltration of sensitive data on domain controllers using SMB.\n", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Remote code execution attempt (external ID 2019)\" alert can detect Remote code execution via Psexec. This may lead to false positives as administrative workstations, IT team members, and service accounts can all perform legitimate administrative tasks against domain controllers. 
Additionally, this alert seems to be specific to detecting execution on domain controllers and AD FS servers, limiting its coverage.", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1569"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1207", "attack-object-name": "Rogue Domain Controller", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspected DCSync attack (replication of directory services) (external ID 2006)\" alert can detect DCSync attacks. 
The false positive rate should be low due to the identity of domain controllers on the network changing infrequently and therefore replication requests received from non-domain controllers should be a red flag.", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1003"}, {"comments": "The documentation for this control's \"Data exfiltration over SMB (external ID 2030)\" alert implies that it may be able to detect the transfer of sensitive data such as the Ntds.dit on monitored domain controllers. This is specific to domain controllers and therefore results in a reduced coverage score.", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspected skeleton key attack (encryption downgrade) (external ID 2010)\" alert can detect skeleton attacks. 
This alert provides partial protection as it detects on a specific type of malware, Skeleton malware, and its usage of weaker encryption algorithms to hash the user's passwords on the domain controller. The description of the alert implies it utilizes machine learning to look for anomalous usage of weak encryption algorithms which should result in a reduced false positive rate.", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1556"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": 
"technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspicious service creation (external ID 2026)\" alert is able to detect suspicious service creation on a domain controller or AD FS server in your organization. As a result of this detecting being specific to these hosts, the coverage score is Minimal resulting in Minimal detection.", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1543"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspicious communication over DNS (external ID 2031)\" alert can detect malicious communication over DNS used for data exfiltration, command, and control, and/or evading corporate network restrictions. 
The accuracy of this control is unknown and therefore its score has been assessed as Partial.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspicious communication over DNS (external ID 2031)\" alert can detect malicious communication over DNS used for data exfiltration, command, and control, and/or evading corporate network restrictions. The accuracy of this control is unknown and therefore its score has been assessed as Partial.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control provides alerts for suspicious activity for Azure Key Vault. Documentation has been offered on how to respond to alerts but no specific tool or feature is offered for response. 
", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurekv"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Credentials"], "mapping-description": "", "capability-id": "Azure Defender for Key Vault", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control provides alerts for suspicious activity for Azure Key Vault. Documentation has been offered on how to respond to alerts but no specific tool or feature is offered for response. ", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurekv"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Credentials"], "mapping-description": "", "capability-id": "Azure Defender for Key Vault", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-kubernetes-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-akscluster"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Kubernetes", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-kubernetes-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-akscluster"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Kubernetes", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-kubernetes-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-akscluster"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Kubernetes", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-kubernetes-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-akscluster"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Kubernetes", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Adaptive Application 
Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is activated, it generates alerts for any executable that has been run and is not included in an allow list. There is a significant potential for false positives from new non-malicious executables, and events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1204"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Path-based masquerading may subvert path-based rules within this control, resulting in false negatives, but hash and publisher-based rules will still detect untrusted executables. 
Events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Malicious files of this type would be unlikely to evade detection from any form of allow list. Events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1036.006", "attack-object-name": "Space after Filename", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Because signatures generated via this technique are not valid, these malicious executables would be detected via any form of allow list, including publisher-based. 
Events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. While publisher-based allow lists may fail to detect malicious executables with valid signatures, hash and path-based rules will still detect untrusted executables. 
Events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1553.002", "attack-object-name": "Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Note that MFA that is triggered in response to privileged operations (such as assigning a user a privileged role) are considered functionality of the Azure AD Privileged Identity Management control. Consult the mapping for this control for the ATT&CK (sub-)techniques it maps to. 
This mapping specifically deals with MFA when it is enabled as a security default.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Credentials", "Identity", "Passwords", "MFA"], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Note that MFA that is triggered in response to privileged operations (such as assigning a user a privileged role) are considered functionality of the Azure AD Privileged Identity Management control. Consult the mapping for this control for the ATT&CK (sub-)techniques it maps to. This mapping specifically deals with MFA when it is enabled as a security default.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Credentials", "Identity", "Passwords", "MFA"], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted. This is an incomplete protection measure though as the adversary may also have obtained credentials enabling bypassing the additional authentication method. ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control reduces the likelihood of MiTM for traffic between remote users, cloud, and 3rd parties by routing the traffic via the Microsoft backbone rather than over the Internet.", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1557"}, {"comments": "This control reduces the likelihood of MiTM for traffic between remote users, cloud, and 3rd parties by routing the traffic via the Microsoft backbone rather than over the Internet.", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1557"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control reduces the likelihood of data manipulation for traffic between remote users, cloud, and 3rd parties by routing the traffic via the Microsoft backbone rather than over the Internet.", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1565"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1498"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1498"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note there is also a Managed HSM service.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/dedicated-hsm/overview", "https://docs.microsoft.com/en-us/azure/key-vault/managed-hsm/"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Provides significant protection of private keys.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1552"}, {"comments": "Note there is also a Managed HSM service.", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://docs.microsoft.com/en-us/azure/dedicated-hsm/overview", "https://docs.microsoft.com/en-us/azure/key-vault/managed-hsm/"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Certificate credentials can be vaulted in an HSM thereby reducing its attack surface.", "attack-object-id": "T1588.004", 
"attack-object-name": "Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "Certificate credentials can be vaulted in an HSM thereby reducing its attack surface.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "Note there is also a Managed HSM service.", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://docs.microsoft.com/en-us/azure/dedicated-hsm/overview", "https://docs.microsoft.com/en-us/azure/key-vault/managed-hsm/"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Certificate credentials can be vaulted in an HSM thereby reducing its attack surface.", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "Certificate credentials can be vaulted in an HSM thereby reducing its attack surface.", "attack-object-id": "T1553.002", "attack-object-name": "Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "This control generally applies to techniques that 
leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides coverage of some aspects of software supply chain compromise since it enables automated updates of software and rapid configuration change management.", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1195"}, {"comments": "This control provides coverage of some aspects of software supply chain compromise since it enables automated updates of software and rapid configuration change management.", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1195"}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. 
", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. 
", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. 
", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides significant protection against Denial of Service (DOS) attacks that leverage system/application vulnerabilities as opposed to volumetric attacks since it enables automated updates of software and rapid configuration change management.", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1499"}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. 
", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": ["https://docs.microsoft.com/en-us/azure/dns/dns-alias#prevent-dangling-dns-records"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Alias Records", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Alias records prevent dangling references by tightly coupling the life cycle of a DNS record with an Azure resource. For example, consider a DNS record that's qualified as an alias record to point to a public IP address or a Traffic Manager profile. If you delete those underlying resources, the DNS alias record becomes an empty record set. It no longer references the deleted resource. 
This control is effective for protecting DNS records that resolve to Azure resources but does not offer protection for records pointing to non-Azure resources, resulting in a Partial score.", "attack-object-id": "T1584.001", "attack-object-name": "Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Alias Records", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1584"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the accounts that can be used for account discovery.", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. 
This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit what an adversary can do with a valid account.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can create accounts.", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts.", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1578"}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1578"}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": 
"T1578"}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.", "attack-object-id": "T1578.004", "attack-object-name": "Revert Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1578"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is still in preview, so its coverage will likely expand in the future. This mapping is based on its current (preview) state.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/other-threat-protections", "https://docs.microsoft.com/en-us/azure/cosmos-db/cosmos-db-advanced-threat-protection"], "tags": ["Azure Security Center", "Database"], "mapping-description": "", "capability-id": "Alerts for Azure Cosmos DB", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control triggers an alert when there is a change in the access pattern to an Azure Cosmos account based on access from an unusual geographical location. False positives are fairly likely and misuse from a typical location is not covered, so score is Minimal. Relevant alert is \"Access from an unusual location to a Cosmos DB account\"", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Azure Cosmos DB", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This control is still in preview, so its coverage will likely expand in the future. 
This mapping is based on its current (preview) state.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/other-threat-protections", "https://docs.microsoft.com/en-us/azure/cosmos-db/cosmos-db-advanced-threat-protection"], "tags": ["Azure Security Center", "Database"], "mapping-description": "", "capability-id": "Alerts for Azure Cosmos DB", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. 
This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect changes to the SSH authorized keys file which may indicate establishment of persistence. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.010", "attack-object-name": "Port Monitors", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. 
\nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of logon scripts. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1037"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of logon scripts. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1037"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of Windows services. This control may also detect changes to files used by systemd to create/modify systemd services. 
The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1543"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of Windows services. This control may also detect changes to files used by systemd to create/modify systemd services. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1543"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. 
Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.001", "attack-object-name": "Change Default File Association", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.007", "attack-object-name": "Netsh Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.012", "attack-object-name": "Image File Execution Options Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "The detection score for this group of sub-techniques is assessed as Minimal due to the accuracy component of the score. The registry keys which are modified as a result of these sub-techniques can change frequently or are too numerous to monitor and therefore can result in significant amount of false positives.\n", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1546"}, {"comments": "The detection score for this group of sub-techniques is assessed as Minimal due to the accuracy component of the score. 
The registry keys which are modified as a result of these sub-techniques can change frequently or are too numerous to monitor and therefore can result in significant amount of false positives.\n", "attack-object-id": "T1546.015", "attack-object-name": "Component Object Model Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1546"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect changes to the ld.so.preload file which may indicate an attempt to hijack execution flow. This sub-technique may also be utilized through an environment variable which this control may not detect. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1574"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry to establish persistence with the Office Test sub-technique. The specificity of registry keys involved may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1137"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Some UAC bypass methods rely on modifying specific, user-accessible Registry settings that can be monitored using this control. Overall, there are numerous other bypass methods that do not result in Registry modification that this control will not be effective in detection resulting in a low detection coverage factor.", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "This control may detect changes to the sudoers file which may indicate privilege escalation. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1548"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. 
\nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Registry key used to register a Password Filter DLL can be monitored for changes using this control providing substantial coverage of this sub-technique. This key should not change often and therefore false positives should be minimal. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1556"}, {"comments": "The PAM configuration and module paths (/etc/pam.d/) can be monitored for changes using this control. 
The files in this path should not change often and therefore false positives should be minimal. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1556"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to detect the Windows Security Support Provider (SSP) DLLs variation of this sub-technique by monitoring the Registry keys used to register these DLLs. These keys should change infrequently and therefore false positives should be minimal. ", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1003"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect changes to the permissions of Windows and Linux files and can be used to detect modifications to sensitive directories and files that shouldn't change frequently. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1222"}, {"comments": "This control can detect changes to the permissions of Windows and Linux files and can be used to detect modifications to sensitive directories and files that shouldn't change frequently. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1222"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. 
\nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to monitor Registry keys related to security software or event logging processes that can detect when an adversary attempts to disable these tools via modifying or deleting Registry keys. 
A majority of the cited procedure examples for this sub-technique are related to killing security processes rather than modifying the Registry, and therefore the detection coverage for this control is low.", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "There are numerous ways depending on the operating system that these sub-techniques can be accomplished. Monitoring the Windows Registry is one way depending on the procedure chosen to implement the sub-technique and therefore the overall coverage is low.", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "There are numerous ways depending on the operating system that these sub-techniques can be accomplished. Monitoring the Windows Registry is one way depending on the procedure chosen to implement the sub-technique and therefore the overall coverage is low.", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. 
This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect modifications made to the Registry keys used to register Windows Subject Interface Packages (SIPs). Because this sub-technique can be accomplished without modifying the Registry via DLL Search Order Hijacking, it has been scored as Partial. The related Registry keys should not change often and therefore the false positive rate should be minimal. 
This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "This control can be used to detect when the system root certificates has changed by detecting the corresponding Registry or File system modifications that occur as a result. These root certificates should not change often and therefore the false positive rate is minimal. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "Azure Backup service provides defense against destruction/manipulation of data at rest. Scoring as \"Significant\" since it is an essential practice against data destruction et al, and can eradicate the threat event by restoring from backup.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/backup/backup-overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "Azure Backup service provides defense against destruction/manipulation of data at rest. 
Scoring as \"Significant\" since it is an essential practice against data destruction et al, and can eradicate the threat event by restoring from backup.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.microsoft.com/en-us/azure/backup/backup-overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "Azure Backup service provides defense against destruction/manipulation of data at rest. Scoring as \"Significant\" since it is an essential practice against data destruction et al, and can eradicate the threat event by restoring from backup.", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://docs.microsoft.com/en-us/azure/backup/backup-overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "Data backups provide a significant response to external or internal data defacement attacks by enabling the restoration of data from backup.", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1491"}, {"comments": "Data backups provide a significant response to external or internal data defacement attacks by enabling the restoration of data from backup.", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", 
"score-category": "Respond", "score-value": "Significant", "related-score": "T1491"}, {"comments": "Azure Backup service provides defense against destruction/manipulation of data at rest. Scoring as \"Significant\" since it is an essential practice against data destruction et al, and can eradicate the threat event by restoring from backup.", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": ["https://docs.microsoft.com/en-us/azure/backup/backup-overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "Data backups provide a significant response to disk content wipe attacks by enabling the restoration of data from backup.", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1561"}, {"comments": "Allows for recovery of disk content, though Disk structure wipes require additional procedures for recovery.", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": "T1561"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Managed identities for Azure resources", "mapping-type": "technique-scores", "score-category": 
"Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control provides an alternative to hard-coding credentials for accessing Azure services in application code. This control only protects credentials for accessing Azure services and not other credential types, resulting in a Partial coverage score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "Managed identities for Azure resources", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1590.002", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1590.005", 
"attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to audit and restrict privileges on Azure cloud accounts. This control may provide information to reduce surface area for privileged access to Azure.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may recommend removing deprecated accounts, reducing privileges, and enabling multi-factor authentication. This can reduce the amount of accounts available to be exploited and what could be done with those accounts.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to enable other Azure controls that provide information on potentially exploitable SQL stored procedures. Recommendations to reduce unnecessary privileges from accounts and stored procedures can mitigate exploitable of this technique. 
", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1505"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replacing password authentication with more secure authentication methods. This control can affect Azure, Azure cloud application, and endpoint credentials.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replacing password authentication with more secure authentication methods. This control can affect Azure, Azure cloud application, and endpoint credentials.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replacing password authentication with more secure authentication methods. 
This control can affect Azure, Azure cloud application, and endpoint credentials.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to restrict public access to Remote Desktop Protocol.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "This control may provide recommendations to restrict public SSH access and enable usage of SSH keys. ", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to enable Azure Defender for DNS which can monitor DNS queries between Azure applications for malicious traffic.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Associated with the Azure Security Center.\nThe alerts can pick up outbound Denial of Service (DOS) attacks, though that's not an ATT&CK technique per se (description oriented towards inbound DOS), also is a form of resource hijacking (though not in ATT&CK description, which is oriented towards cryptomining).", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurenetlayer"], "tags": ["Analytics", "Azure Security Center", "Network"], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Associated with the Azure Security Center.\nThe alerts can pick up outbound Denial of Service (DOS) attacks, though that's not an ATT&CK technique per se (description oriented towards inbound DOS), also is a form of resource hijacking (though not in ATT&CK description, which is oriented towards cryptomining).", "attack-object-id": "T1071", "attack-object-name": "Application Layer 
Protocol", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurenetlayer"], "tags": ["Analytics", "Azure Security Center", "Network"], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list. ", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list. ", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list. ", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list. 
", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "Associated with the Azure Security Center.\nThe alerts can pick up outbound Denial of Service (DOS) attacks, though that's not an ATT&CK technique per se (description oriented towards inbound DOS), also is a form of resource hijacking (though not in ATT&CK description, which is oriented towards cryptomining).", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurenetlayer"], "tags": ["Analytics", "Azure Security Center", "Network"], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's Access Review feature supports scheduling a routine review of cloud account permission levels to look for those that could allow an adversary to gain wide access. This information can then be used to validate if such access is required and identify which (privileged) accounts should be monitored closely. This reduces the availability of valid accounts to adversaries. 
This review would normally be scheduled periodically, at most weekly, and therefore its temporal score is Partial.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can require MFA to be triggered when the Global Administrator role is assigned to an account or when the role is activated by a user.", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1098"}, {"comments": "This control can notify administrators whenever the Global Administrator role is assigned to an account and can therefore be 
used to detect the execution of this sub-technique. Assigning the Global Administrator role to an account is an infrequent operation and as a result, the false positive rate should be minimal.", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1098"}, {"comments": "Privileged roles such as the Application Administrator role can be configured to require MFA on activation to provide additional protection against the execution of this technique. In addition these privileged roles can be assigned as eligible rather than permanently active roles to further reduce the attack surface.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1098"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Privileged roles such as the User Administrator role can be configured to require MFA on activation to provide additional protection against the execution of this technique. 
In addition, these privileged roles can be assigned as eligible rather than permanently active roles to further reduce the attack surface.", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1136"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways"], "tags": ["Network"], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways"], "tags": ["Network"], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1557"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1557"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": 
["https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways"], "tags": ["Network"], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1565"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-sql-db-and-warehouse"], "tags": ["Azure Defender", "Azure Defender for SQL", "Azure Security Center", "Azure Security Center Recommendation", "Database"], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on logon events that are suspicious. This includes logins from unusual locations, logins from suspicious IP addresses, and users that do not commonly access the resource. These alerts may limit the ability of an attacker to utilize a valid cloud account to access and manipulate Azure databases. 
", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-sql-db-and-warehouse"], "tags": ["Azure Defender", "Azure Defender for SQL", "Azure Security Center", "Azure Security Center Recommendation", "Database"], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-sql-db-and-warehouse"], "tags": ["Azure Defender", "Azure Defender for SQL", "Azure Security Center", "Azure Security Center Recommendation", "Database"], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on repeated sign in attempts to the resource and successful logins from a suspicious location, IP address, or a user that does not commonly log in to the resource. 
Because this control is specific to Azure database offerings, the detection coverage is Minimal.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "This control may alert on repeated sign in attempts to the resource and successful logins from a suspicious location, IP address, or a user that does not commonly log in to the resource. Because this control is specific to Azure database offerings, the detection coverage is Minimal.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "This control may alert on repeated sign in attempts to the resource and successful logins from a suspicious location, IP address, or a user that does not commonly log in to the resource. 
Because this control is specific to Azure database offerings, the detection coverage is Minimal.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-sql-db-and-warehouse"], "tags": ["Azure Defender", "Azure Defender for SQL", "Azure Security Center", "Azure Security Center Recommendation", "Database"], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1498"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1498"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1499"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Subdomain hijacking is a focus of this control, and its Dangling DNS detection alert feature is activated when an App Service website is decommissioned and its corresponding DNS entry is not deleted, allowing users to remove those entries before they can be leveraged by an adversary.", "attack-object-id": "T1584.001", "attack-object-name": "Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1584"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors for references to suspicious domain names and file downloads from known malware sources, and monitors processes for downloads from raw-data websites like Pastebin, all of which are relevant for detecting users' interactions with malicious download links, but malicious links which exploit browser vulnerabilities for execution are unlikely to be detected, and temporal factor is unknown, resulting in a score of Minimal.", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1204"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors for known phishing links on the Azure App Services website and generates alerts if they are detected, potentially preventing their access by users. This is a very specific avenue, only covers known links, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1566"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors host data for potential reverse shells used for command and control. Temporal factor is unknown.", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "This control monitors for execution of known malicious PowerShell PowerSploit cmdlets. Temporal factor is uknown.", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors for web fingerprinting tools including nmap and Blind Elephant, as well as scanners looking for vulnerability in applications like Drupal, Joomla, and WordPress. Temporal factor is unknown.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1594", "attack-object-name": "Search Victim-Owned Websites", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. 
Detection is periodic at an unknown rate.", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. 
Detection is periodic at an unknown rate.", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. 
Detection is periodic at an unknown rate.", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. 
Detection is periodic at an unknown rate.", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's Fileless Attack Detection identifies suspicious command execution within process memory. Detection is periodic at an unknown rate.", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1559"}, {"comments": "This control's Fileless Attack Detection identifies suspicious command execution within process memory. Detection is periodic at an unknown rate.", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1559"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect processes with suspicious names, including those named in a way that is suggestive of attacker tools that try to hide in plain sight. False positives are probable, and temporal factor is unknown.", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Get-ProcessTokenGroup module on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1087"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1123", "attack-object-name": "Audio Capture", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Install-SSP module on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. 
This covers execution of this sub-technique via New-UserPersistenceOption on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. 
This covers execution of this sub-technique via the Privesc-PowerUp modules on Windows, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1543"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of these sub-techniques via the Privesc-PowerUp modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. 
This covers execution of these sub-techniques via the Privesc-PowerUp modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of these sub-techniques via the Privesc-PowerUp modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of these sub-techniques via the Privesc-PowerUp modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Get-Keystrokes Exfiltration module on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1056.001", "attack-object-name": "Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1056"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Find-AVSignature AntivirusBypass module on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1027.005", "attack-object-name": "Indicator Removal from Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1027"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Exfiltration modules, but does not address other procedures, and temporal factor is unknown, so score is Minimal.", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1012", "attack-object-name": "Query Registry", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the New-UserPersistenceOption Persistence module on Windows, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Invoke-Kerberoast module, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1558"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Get-UnattendedInstallFile, Get-Webconfig, Get-ApplicationHost, Get-SiteListPassword, Get-CachedGPPPassword, and RegistryAutoLogon modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal.", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. 
This covers execution of this sub-technique via the Exfiltration modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", 
"capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Conditional Access can be used to enforce MFA for users which can significantly reduce the impact of a password compromise, requiring an adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Conditional Access can be used to enforce MFA for users which can significantly reduce the impact of a password compromise, requiring an adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Conditional Access can be used to enforce MFA for users which can significantly reduce the impact of a password compromise, requiring an adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Conditional Access can be used to enforce MFA for users which can significantly reduce the impact of a password compromise, requiring an adversary to complete an additional authentication method before their 
access is permitted.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can protect against the abuse of valid cloud accounts by requiring MFA or blocking access altogether based on signals such as the user's IP location information, device compliance state, risky sign-in/user state (through integration with Azure AD Identity Protection). 
Additionally, session controls that can limit what a valid user can do within an app can also be triggered based on the aforementioned triggers.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Conditional Access (CA), when granting (risky) users access to Office applications like SharePoint and OneDrive, can restrict what they can do in these applications using its app-enforced restrictions. For example, it can enforce that users on unmanaged devices will have browser-only access to SharePoint/OneDrive with no ability to download, print, or sync files. This can impede an adversary's ability to collect and stage files. 
This offers minimal coverage as it requires the target application to support such a feature that can be triggered by this control and to date only a few (Office) applications support this.", "attack-object-id": "T1074.002", "attack-object-name": "Remote Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1074"}, {"comments": "Conditional Access (CA), when granting (risky) users access to Office applications like SharePoint and OneDrive, can restrict what they can do in these applications using its app-enforced restrictions. For example, it can enforce that users on unmanaged devices will have browser-only access to SharePoint/OneDrive with no ability to download, print, or sync files. This can impede an adversary's ability to collect and stage files. This offers minimal coverage as it requires the target application to support such a feature that can be triggered by this control and to date only a few (Office) applications support this.", "attack-object-id": "T1074.001", "attack-object-name": "Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1074"}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": 
"Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Conditional Access (CA), when granting (risky) users access to Office applications like SharePoint can restrict what they can do in these applications using its app-enforced restrictions. For example, it can enforce that users on unmanaged devices will have browser-only access to SharePoint with no ability to download, print, or sync files. Furthermore, with its integration with Microsoft Cloud App Security, it can even restrict cut, copy and paste operations. This can impede an adversary's ability to collect valuable information and/or files from the application. 
This protection is partial as it doesn't prohibit an adversary from potentially viewing sensitive information and manually collecting it, for example simply writing down information by hand.", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can identify anomalous behavior such as geographically impossible logins and out-of-character activity. \nRelevant alerts include \"Activity from anonymous IP address\" , \"Activity from infrequent country\", \"Activity from suspicious IP address\", \"Impossible Travel\", and \"Activity performed by terminated user\".", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control can identify anomalous behavior such as geographically impossible logins and out-of-character activity. 
\nRelevant alerts include \"Activity from anonymous IP address\" , \"Activity from infrequent country\", \"Activity from suspicious IP address\", \"Impossible Travel\", and \"Activity performed by terminated user\".", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control can identify anomalous behavior such as geographically impossible logins and out-of-character activity. \nRelevant alerts include \"Activity from anonymous IP address\" , \"Activity from infrequent country\", \"Activity from suspicious IP address\", \"Impossible Travel\", and \"Activity performed by terminated user\".", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts 
that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can identify large volume potential exfiltration activity.", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "This control can identify large volume potential exfiltration activity, and log user activity potentially related to exfiltration via web services. 
A relevant alert is \"Unusual file download (by user)\".", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "This control can identify large volume potential exfiltration activity.", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "This control can identify large volume potential exfiltration activity, and log user activity potentially related to exfiltration via web services. A relevant alert is \"Unusual file download (by user)\".", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": 
"Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", 
"https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1528", 
"attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, 
{"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1213"}, 
{"comments": "This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be 
incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect and encrypt sensitive information at rest on supported platforms.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1565"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": 
"This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can detect admin activity from risky IP addresses.", "attack-object-id": "T1484.002", "attack-object-name": "Domain Trust Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1484"}, {"comments": "This control can detect admin activity from risky IP addresses.", "attack-object-id": "T1484.001", "attack-object-name": "Group Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1484"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", 
"https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can detect anomalous admin activity that may be indicative of account manipulation. Relevant alerts include \"Unusual administrative activity (by user)\" and \"Unusual addition of credentials to an OAuth app\".", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "This control can detect anomalous admin activity that may be indicative of account manipulation. Relevant alerts include \"Unusual administrative activity (by user)\" and \"Unusual addition of credentials to an OAuth app\".", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "This control can detect anomalous admin activity that may be indicative of account manipulation. 
Relevant alerts include \"Unusual administrative activity (by user)\" and \"Unusual addition of credentials to an OAuth app\".", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can identify anomalous admin activity.", "attack-object-id": "T1578.004", "attack-object-name": "Revert Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1578"}, {"comments": "This control can identify anomalous admin activity.", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1578"}, {"comments": "This control can identify anomalous admin activity.", 
"attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1578"}, {"comments": "This control can identify anomalous admin activity.", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1578"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App 
Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", 
"https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can identify some evidence of potential C2 via a specific application layer protocol (mail). Relevant alerts include \"Suspicious inbox forwarding\" and \"Suspicious inbox manipulation rule\".", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect some activity indicative of brute force attempts to login. 
Relevant alert is \"Multiple failed login attempts\".", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control can detect some activity indicative of brute force attempts to login. Relevant alert is \"Multiple failed login attempts\".", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control can detect some activity indicative of brute force attempts to login. Relevant alert is \"Multiple failed login attempts\".", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, 
{"comments": "This mapping file covers Docker container registries security features along with the Azure Defender for Container Registries scanner. The scanning capability of the control is only available for Linux images in registries accessible from the public internet with shell access which limits the general applicability.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-introduction", "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Container Registries", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping file covers Docker container registries security features along with the Azure Defender for Container Registries scanner. The scanning capability of the control is only available for Linux images in registries accessible from the public internet with shell access which limits the general applicability.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-introduction", "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Container Registries", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping file covers Docker container registries security features along with the Azure Defender for Container Registries scanner. 
The scanning capability of the control is only available for Linux images in registries accessible from the public internet with shell access which limits the general applicability.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-introduction", "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Container Registries", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping file covers Docker container registries security features along with the Azure Defender for Container Registries scanner. The scanning capability of the control is only available for Linux images in registries accessible from the public internet with shell access which limits the general applicability.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-introduction", "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Container Registries", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations for enabling MFA can significantly lead to reducing the impact of a password compromise of accounts, requiring the adversary to complete an additional authentication method before their access is permitted.\nThis control's \"Do not expire passwords\" recommendation also can lead to mitigating the Password Guessing or Cracking sub-techniques by disabling password reset which tends to lead to users selecting weaker passwords. \nThis control's \"Enable policy to block legacy authentication\" and \"Stop legacy protocols communication\" recommendations can lead to protecting against these brute force attacks as Microsoft research has shown organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled. 
Additionally, the same research shows that more than 99 percent of password spray and more than 97 percent of credential stuffing attacks use legacy authentication.\nThis control's \"Resolve unsecure account attributes\" recommendation can lead to detecting accounts with disabled (Kerberos) Preauthentication which can enable offline Password Cracking.\nBecause these are recommendations and do not actually enforce MFA, the assessed score is capped at Partial. ", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations for enabling MFA can significantly lead to reducing the impact of a password compromise of accounts, requiring the adversary to complete an additional authentication method before their access is permitted.\nThis control's \"Do not expire passwords\" recommendation also can lead to mitigating the Password Guessing or Cracking sub-techniques by disabling password reset which tends to lead to users selecting weaker passwords. \nThis control's \"Enable policy to block legacy authentication\" and \"Stop legacy protocols communication\" recommendations can lead to protecting against these brute force attacks as Microsoft research has shown organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled. 
Additionally, the same research shows that more than 99 percent of password spray and more than 97 percent of credential stuffing attacks use legacy authentication.\nThis control's \"Resolve unsecure account attributes\" recommendation can lead to detecting accounts with disabled (Kerberos) Preauthentication which can enable offline Password Cracking.\nBecause these are recommendations and do not actually enforce MFA, the assessed score is capped at Partial. ", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations for enabling MFA can significantly lead to reducing the impact of a password compromise of accounts, requiring the adversary to complete an additional authentication method before their access is permitted.\nThis control's \"Do not expire passwords\" recommendation also can lead to mitigating the Password Guessing or Cracking sub-techniques by disabling password reset which tends to lead to users selecting weaker passwords. \nThis control's \"Enable policy to block legacy authentication\" and \"Stop legacy protocols communication\" recommendations can lead to protecting against these brute force attacks as Microsoft research has shown organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled. 
Additionally, the same research shows that more than 99 percent of password spray and more than 97 percent of credential stuffing attacks use legacy authentication.\nThis control's \"Resolve unsecure account attributes\" recommendation can lead to detecting accounts with disabled (Kerberos) Preauthentication which can enable offline Password Cracking.\nBecause these are recommendations and do not actually enforce MFA, the assessed score is capped at Partial. ", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations for enabling MFA can significantly lead to reducing the impact of a password compromise of accounts, requiring the adversary to complete an additional authentication method before their access is permitted.\nThis control's \"Do not expire passwords\" recommendation also can lead to mitigating the Password Guessing or Cracking sub-techniques by disabling password reset which tends to lead to users selecting weaker passwords. \nThis control's \"Enable policy to block legacy authentication\" and \"Stop legacy protocols communication\" recommendations can lead to protecting against these brute force attacks as Microsoft research has shown organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled. 
Additionally, the same research shows that more than 99 percent of password spray and more than 97 percent of credential stuffing attacks use legacy authentication.\nThis control's \"Resolve unsecure account attributes\" recommendation can lead to detecting accounts with disabled (Kerberos) Preauthentication which can enable offline Password Cracking.\nBecause these are recommendations and do not actually enforce MFA, the assessed score is capped at Partial. ", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations of MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted. See the mapping for MFA for more details. \nThis control's \"Use limited administrative roles\" recommendation recommends reviewing and limiting the number of accounts with global admin privilege, reducing what an adversary can do with a compromised valid account.\nBecause these are recommendations and do not actually enforce the protections, the assessed score is capped at Partial. 
", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control's \"Turn on sign-in risk policy\" and \"Turn on user risk policy\" recommendations recommend enabling Azure AD Identity Protection which can lead to detecting adversary usage of valid accounts. See the mapping for Azure AD Identity Protection.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control's \"Remove dormant accounts from sensitive groups\" recommendation recommends reviewing dormant (domain) accounts from sensitive groups via an assessment report that can identify sensitive accounts that are dormant.\nBecause these are recommendations and do not actually enforce the protections coupled with being limited to sensitive accounts, the assessed score is Minimal. ", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This control's \"Protect and manage local admin passwords with Microsoft LAPS\" recommendation recommends periodically running and reviewing the Microsoft LAPS usage report that identifies all Windows based devices not protected by Microsoft LAPS. 
This can help reduce the compromise of local administrator accounts.\nBecause this is a recommendations and not actually enforced coupled with being limited to sensitive accounts, the assessed score is Minimal. ", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This control's \"Protect and manage local admin passwords with Microsoft LAPS\" recommendation recommends periodically running and reviewing the Microsoft LAPS usage report that identifies all Windows based devices not protected by Microsoft LAPS. This can help reduce the compromise of local administrator accounts.\nBecause this is a recommendations and not actually enforced coupled with being limited to sensitive accounts, the assessed score is Minimal. ", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Turn on sign-in risk policy\" and \"Turn on user risk policy\" recommendations recommend enabling Azure AD Identity Protection which can detect the malicious usage of SAML Tokens. This is a recommendation and therefore the score is capped at Partial.", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1606"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Resolve unsecure account attributes\" recommendation can lead to detecting Active Directory accounts which do not require Kerberos preauthentication. Preauthentication offers protection against offline (Kerberos) Password Cracking. \nBecause this is a recommendation its score is capped as Partial.", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control's \"Reduce lateral movement path risk to sensitive entities\" recommendation can lead to protecting sensitive accounts against Pass-the-Hash and Pass-the-Ticket attacks that may result in an adversary acquiring a golden ticket. 
It recommends running the Lateral-Movement-Paths report to understand and identify exactly how attackers can move laterally through the monitored network to gain access to privileged identities such as the KRBTGT on the domain controller. Because this is a recommendation, its score has been capped as Partial.", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control's \"Modify unsecure Kerberos delegations to prevent impersonation\" recommendation promotes running the \"Unsecure Kerberos delegation\" report that can identify accounts that have unsecure Kerberos delegation configured. Unsecured Kerberos delegation can lead to exposing account TGTs to more hosts resulting in an increased attack surface for Kerberoasting. Due to this control providing a recommendation its score is capped at Partial.", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Reduce lateral movement path risk to sensitive entities\" recommendation can lead to protecting sensitive accounts against Pass-the-Hash and Pass-the-Ticket attacks by recommending running the Lateral-Movement-Paths report to understand and identify exactly how attackers can move laterally through the monitored network to gain access to privileged identities. 
Because this is a recommendation, its score has been capped as Partial.", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1550"}, {"comments": "This control's \"Reduce lateral movement path risk to sensitive entities\" recommendation can lead to protecting sensitive accounts against Pass-the-Hash and Pass-the-Ticket attacks by recommending running the Lateral-Movement-Paths report to understand and identify exactly how attackers can move laterally through the monitored network to gain access to privileged identities. Because this is a recommendation, its score has been capped as Partial.", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1550"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Remove unsecure SID history attributes from entities\" recommendation promotes running the \"Unsecure SID history attributes\" report periodically which can lead to identifying accounts with SID History attributes which Microsoft Defender for Identity profiles to be risky. Because this is a recommendation and not actually enforced, coupled with the detection its assessed score is capped at Partial. ", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1134"}, {"comments": "All scores have been assessed as Partial because this control increases the strength of user passwords thereby reducing the likelihood of a successful brute force attack. 
Due to the fact that a user's password is not checked against the banned list of passwords unless the user changes or resets their password (which is an infrequent event), there is still ample opportunity for attackers to utilize this technique to gain access. This is what prevented the score from being elevated to Significant.\n", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad"], "tags": ["Azure Active Directory", "Credentials", "Identity", "Passwords"], "mapping-description": "", "capability-id": "Azure Active Directory Password Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Active Directory Password Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Active Directory Password Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Active Directory Password Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Active Directory Password 
Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may quarantine and/or delete any spearphishing attachment that has been downloaded and matches a malware signature. 
Customized malware without a matching signature may not generate an alert.", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1566"}, {"comments": "This control may detect any spearphishing attachment that has been downloaded and matches a malware signature. Customized malware without a matching signature may not generate an alert.", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1566"}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors activity in cloud services and on virtual machines to block malware execution. This is dependent on a signature being available. 
", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1204"}, {"comments": "This control monitors activity in cloud services and on virtual machines to detect malware execution. This is dependent on a signature being available. ", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1204"}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. 
ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. 
ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may quarantine and/or delete malware that has been packed by well known software packing utilities. These utilities can provide signatures that apply to a variety of malware.", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1027"}, {"comments": "This control may detect malware that has been packed by well known software packing utilities. 
These utilities can provide signatures that apply to a variety of malware.", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1027"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Focuses on web vulnerability scanning of OWASP Core Rule Set (CRS).", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application 
Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can protect web applications from protocol attacks that may be indicative of adversary activity.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "This control can detect protocol attacks targeting web applications that may be indicative of adversary activity.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. \"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". 
Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used forensically to identify clients that communicated with identified C2 hosts.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. \"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". 
Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used for after-the-fact analysis of potential fast-flux DNS C2", "attack-object-id": "T1568.001", "attack-object-name": "Fast Flux DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1568"}, {"comments": "This control can be used for after-the-fact analysis of potential fast-flux DNS C2", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1568"}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. \"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". 
Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can potentially be used to forensically identify exfiltration via DNS protocol.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1048"}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. \"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. 
\"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used forensically to identify DNS queries to known malicious sites, which may be evidence of phishing.", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1566"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-api", "https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-api", "https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained"], "tags": ["Azure Security Center", "Azure Security 
Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-api", "https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. 
Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than 
applying/enforcing the recommended actions.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to disable default accounts and restrict permissions for existing accounts.", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may scan for users with unnecessary access to SQL stored procedures.", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", 
"score-category": "Protect", "score-value": "Partial", "related-score": "T1505"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless"], "tags": ["Azure Active Directory", "Credentials", "Identity", "Passwords"], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control provides significant protection against password based 
attacks by completing obviating the need for passwords by replacing it with passwordless credentials.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control provides significant protection against password based attacks by completing obviating the need for passwords by replacing it with passwordless credentials.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control provides significant protection against password based attacks by completing obviating the need for passwords by replacing it with passwordless credentials.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control provides significant protection against password based attacks by completing obviating the need for passwords by replacing it with passwordless credentials.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": 
["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can prevent attempts by an adversary to gather this information using active scanning methods but is not effective of gathering this information using phishing related methods.", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "This control can prevent attempts by an adversary to gather this information using active scanning methods but is not effective of gathering this information using phishing related methods.", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "This control can prevent attempts by an adversary to gather this information using active scanning methods but is not effective of gathering this information using phishing related methods.", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", 
"Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. 
Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can protect against this sub-technique by enforcing limited access to only required ports. Consequently, even if the adversary is able to utilize port knocking to open additional ports at the host level, it is still blocked at the firewall service level. This service typically applies to external traffic and not internal traffic and therefore lateral movement using this technique within a network is still possible. 
Due to this partial coverage, it has been scored as Partial.", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1205"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", 
"attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. 
Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. 
Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Detects \"random\" DNS name occurences, potentially indicative of Fast Flux or DGA. Potential false positives from benign \"random\" DNS names.", "attack-object-id": "T1568.001", "attack-object-name": "Fast Flux DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1568"}, {"comments": "Detects \"random\" DNS name occurences, potentially indicative of Fast Flux or DGA. 
Potential false positives from benign \"random\" DNS names.", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1568"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Can alert on anomalies and misuse of the DNS protocol.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", 
"capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation"], "tags": ["Azure Active Directory", "Identity"], "mapping-description": "", "capability-id": "Continuous Access Evaluation", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "Security controls like Azure AD Identity Protection can raise a user's risk level asynchronously after they have used a valid account to access organizational data. This CAE control can respond to this change in the users risky state to terminate the user's access within minutes or enforce an additional authentication method such as MFA. This mitigates the impact of an adversary using a valid account. This is control only forces the user to re-authenticate and doesn't resolve the usage of a valid account (i.e. password change) and is therefore a containment type of response. 
", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Continuous Access Evaluation", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. 
Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. 
Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. 
Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": 
["https://docs.microsoft.com/en-us/azure/key-vault/general/overview"], "tags": ["Azure Security Center Recommendation", "Credentials", "Passwords"], "mapping-description": "", "capability-id": "Azure Key Vault", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/key-vault/general/overview"], "tags": ["Azure Security Center Recommendation", "Credentials", "Passwords"], "mapping-description": "", "capability-id": "Azure Key Vault", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/key-vault/general/overview"], "tags": ["Azure Security Center Recommendation", "Credentials", "Passwords"], "mapping-description": "", "capability-id": "Azure Key Vault", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/key-vault/general/overview"], "tags": ["Azure Security Center Recommendation", "Credentials", "Passwords"], "mapping-description": "", "capability-id": "Azure Key Vault", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to identify anomalous TFTP boot traffic.", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session 
Hijacking", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1563"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1563"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can identify anomalous traffic with respect specific ports (though it can't identify presence or lack of encryption).", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control can identify anomalous traffic with respect specific ports (though it can't identify presence or 
lack of encryption).", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control can identify anomalous traffic with respect specific ports (though it can't identify presence or lack of encryption).", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": 
"technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": 
["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect anomalous application protocol traffic with respect to network security group (NSG) (though web traffic would be typically too commonplace for this control to be useful).", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "This control can detect anomalous application protocol traffic with respect to network security group (NSG) (though web traffic would be typically too commonplace for this control to be useful).", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "This control can detect anomalous application protocol traffic with respect to network security group (NSG) (though web traffic would be typically too commonplace for this control to be useful).", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": 
["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1090"}, 
{"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to remove setuid and setguid permissions from container images. 
It may not be feasible to audit and remediate all binaries that have and require setuid and setguid permissions.", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", 
"mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to ensure sshd is not running within Docker containers. This can prevent attackers from utilizing unmonitored SSH servers within containers. This may not prevent attackers from installing a SSH server in containers or hosts.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}]} \ No newline at end of file +{"metadata": {"mapping-version": 1, "attack-version": 8.2, "technology-domain": "enterprise", "author": "", "contact": "ctid@mitre-engenuity.org", "creation-date": "03/4/2021", 
"last-update": "", "organization": "", "mapping-framework": "Azure", "mapping-framework-version": ""}, "attack-objects": [{"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides risk detections that can be used to detect suspicious uses of valid accounts, e.g.: Anonymous IP address, Atypical 
travel, Malware linked IP address, Unfamiliar sign-in properties, etc. Microsoft utilizes machine learning and heuristic systems to reduce the false positive rate but there will be false positives.\nThe temporal factor of this control's detection is low because although there are some real-time detections most are offline detections (multi-day).", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Response Type: Eradication\nSupports blocking and resetting the user's credentials based on the detection of a risky user/sign-in manually and also supports automation via its user and sign-in risk policies.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1078"}, {"comments": "When Azure Active Directory (AAD) Federation is configured for a tenant, an adversary that compromises a domain credential can use it to access (Azure) cloud resources. Identity Protection supports applying its risk detections (e.g.: Anonymous IP address, Atypical travel, Malware linked IP address, Unfamiliar sign-in properties, etc.) to federated identities thereby providing detection mitigation for this risk. 
Because this detection is specific to an adversary utilizing valid domain credentials to access cloud resources and does not mitigate the usage of valid domain credentials to access on-premise resources, this detection has been scored as Partial.\n\nThe temporal factor of this control's detection is low because although there are some real-time detections most are offline detections (multi-day).", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Response Type: Containment\nSupports risk detection responses such as blocking a user's access and enforcing MFA. These responses contain the impact of this sub-technique but do not eradicate it (by forcing a password reset).", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": ""}, {"comments": "This control supports detecting risky sign-ins and users that involve federated users and therefore can potentially alert on this activity. 
Not all alert types for this control support federated accounts therefore the detection coverage for this technique is partial.", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1606"}, {"comments": "Response Type: Eradication\nSupports blocking and resetting the user's credentials based on the detection of a risky user/sign-in manually and also supports automation via its user and sign-in risk policies.", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1606"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": 
["https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection", "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azuread-identity-protection-adds-support-for-federated/ba-p/244328"], "tags": ["Credentials", "Azure Active Directory", "Identity", "Microsoft 365 Defender"], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "This control specifically provides detection of Password Spray attacks for Azure Active Directory accounts. Microsoft documentation states that this detection is based on a machine learning algorithm that has been improved with the latest improvement yielding a 100 percent increase in recall and 98 percent precision. The temporal factor for this detection is Partial as its detection is described as offline (i.e. 
detections may not show up in reporting for two to twenty-four hours).", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "Response Type: Eradication\nSupports blocking and resetting the user's credentials based on the detection of a risky user/sign-in (such as Password Spray attack) manually and also supports automation via its user and sign-in risk policies.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Protection", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect suspicious activity from existing Windows accounts and logons from suspicious IP addresses. The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. 
[seen multiple times]\".", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control may detect suspicious activity from existing Windows accounts and logons from suspicious IP addresses. The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. [seen multiple times]\".", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect suspicious usage of PowerShell and the Windows command line. These detections include usage of suspicious arguments, dynamic script construction, and shellcode on the commandline. 
The following alerts may be generated: \"Detected anomalous mix of upper and lower case characters in command-line\", \"Detected encoded executable in command line data\", \"Detected obfuscated command line\", \"Detected suspicious combination of HTA and PowerShell\", \"Detected suspicious commandline arguments\", \"Detected suspicious commandline used to start all executables in a directory\", \"Detected suspicious credentials in commandline\", \"Dynamic PS script construction\", \"Suspicious PowerShell Activity Detected\", \"Suspicious PowerShell cmdlets executed\", \"Suspicious command execution\".", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "This control may detect suspicious usage of PowerShell and the Windows command line. These detections include usage of suspicious arguments, dynamic script construction, and shellcode on the commandline. 
The following alerts may be generated: \"Detected anomalous mix of upper and lower case characters in command-line\", \"Detected encoded executable in command line data\", \"Detected obfuscated command line\", \"Detected suspicious combination of HTA and PowerShell\", \"Detected suspicious commandline arguments\", \"Detected suspicious commandline used to start all executables in a directory\", \"Detected suspicious credentials in commandline\", \"Dynamic PS script construction\", \"Suspicious PowerShell Activity Detected\", \"Suspicious PowerShell cmdlets executed\", \"Suspicious command execution\".", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1059"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect the usage of a malware dropper and other indicators of a malicious file being executed by the user. 
The following alerts may be generated: \"Detected possible execution of keygen executable\", \"Detected possible execution of malware dropper\", \"Detected suspicious file creation\".", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1204"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when the Registry is leveraged to gain persistence. 
The following alerts may be generated: \"Windows registry persistence method detected\".", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when an account is created with an account name that closely resembles a standard Windows account or group name. This may be an account created by an attacker to blend into the environment. 
The following alerts may be generated: \"Suspicious Account Creation Detected\".", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when the tscon.exe binary is installed as a service to exploit RDP sessions or when a rare service group is executed under SVCHOST. 
The following alerts may be generated: \"Suspect service installation\".", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1543"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when a suspicious screensaver process is executed, based on the location of the .scr file. Because this detection is based solely on the location of the file, it has been scored as Partial. The following alerts may be generated: \"Suspicious Screensaver process executed\".", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect when the binary for the sticky keys utility has been replaced, possibly to gain persistence or execution. 
The following alerts may be generated: \"Sticky keys attack detected\".", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when User Account Control is bypassed by manipulating the Windows registry. There may be other methods to Bypass User Account Control which limits the score to Minimal. 
The following alerts may be generated: \"Detected change to a registry key that can be abused to bypass UAC\"", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. 
The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. 
The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. 
The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. 
The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate. The following alerts may be generated: \"Fileless attack technique detected\", \"Fileless attack behavior detected\", \"Fileless attack toolkit detected\", \"Suspicious SVCHOST process executed\".", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", 
"references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts 
for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": 
["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect the usage of cacls.exe to modify file and directory permissions. The following alerts may be generated: \"Detected suspicious use of Cacls to lower the security state of the system\".", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1222"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect usage of the WindowPosition Registry value to hide application windows in non-visible sections of the desktop. 
The following alerts may be generated: \"Suspicious WindowPosition registry value detected\".", "attack-object-id": "T1564.003", "attack-object-name": "Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1564"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect modification of the Windows firewall through use of netsh.exe or using a method that matches a known threat actor. The following alerts may be generated: \"Malicious firewall rule created by ZINC server implant [seen multiple times]\", \"Detected suspicious new firewall rule\".", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "This control may detect when critical services have been disabled, such as Windows Security Center. This control may also detect when IIS logging has been disabled. 
The following alerts may be generated: \"Detected the disabling of critical services\", \"Detected actions indicative of disabling and deleting IIS log files\".", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect suspicious file cleanup commands and shadow copy deletion activity. The following alerts may be generated: \"Detected suspicious file cleanup commands\", \"Suspicious Volume Shadow Copy Activity\".", "attack-object-id": "T1070.004", "attack-object-name": "File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1070"}, {"comments": "This control may detect when an event log has been cleared or IIS logs have been deleted. 
The following alerts may be generated: \"Detected actions indicative of disabling and deleting IIS log files\", \"An event log was cleared\".", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1070"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect suspicious usage of Mshta to execute PowerShell and suspicious Rundll32 execution. The following alerts may be generated: \"Detected suspicious execution via rundll32.exe\", \"Detected suspicious combination of HTA and PowerShell\".", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1218"}, {"comments": "This control may detect suspicious usage of Mshta to execute PowerShell and suspicious Rundll32 execution. The following alerts may be generated: \"Detected suspicious execution via rundll32.exe\", \"Detected suspicious combination of HTA and PowerShell\".", "attack-object-id": "T1218.011", "attack-object-name": "Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1218"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect successful and failed brute force attempts with logic that factors the IP, time between attempts, and other suspicious activity. 
The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. [seen multiple times]\", \"Successful brute force attack\", \"Suspicious authentication activity\".", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may detect successful and failed brute force attempts with logic that factors the IP, time between attempts, and other suspicious activity. The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. [seen multiple times]\", \"Successful brute force attack\", \"Suspicious authentication activity\".", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control may detect successful and failed brute force attempts with logic that factors the IP, time between attempts, and other suspicious activity. The following alerts may be generated: \"A logon from a malicious IP has been detected\", \"A logon from a malicious IP has been detected. 
[seen multiple times]\", \"Successful brute force attack\", \"Suspicious authentication activity\".", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect when the registry is modified to allow logon credentials to be stored in clear text in LSA memory. This change allows a threat actor to gain plain text credentials from the host machine. 
The following alerts may be generated: \"Detected enabling of the WDigest UseLogonCredential registry key\".", "attack-object-id": "T1003.004", "attack-object-name": "LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect commandline parameters consistent with a Kerberos Golden Ticket attack. 
The following alerts may be generated: \"Suspected Kerberos Golden Ticket attack parameters observed\".", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect when the local administrators group is enumerated or when mulitiple domain accounts are queried. The following alerts may be generated: \"Multiple Domain Accounts Queried\", \"Local Administrators group members were enumerated\".", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "This control may detect when the local administrators group is enumerated or when mulitiple domain accounts are queried. 
The following alerts may be generated: \"Multiple Domain Accounts Queried\", \"Local Administrators group members were enumerated\".", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect RDP hijacking through use of the tscon.exe binary. 
The following alerts may be generated: \"Suspect integrity level indicative of RDP hijacking\", \"Suspect service installation\".", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1563"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect suspicious use of the Telegram tool for transferring malicious binaries across hosts. 
The following alerts may be generated: \"Detected potentially suspicious use of Telegram tool\".", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1048"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-windows"], "tags": ["Azure Defender", "Azure Defender for Servers", "Windows"], "mapping-description": "", "capability-id": "Alerts for Windows Machines", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Authentication to Linux machines should require SSH keys\" can obviate SSH Brute Force password attacks. Because this is specific to Linux, the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "This control's \"Authentication to Linux machines should require SSH keys\" can obviate SSH Brute Force password attacks. 
Because this is specific to Linux, the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "This control's \"Authentication to Linux machines should require SSH keys\" can obviate SSH Brute Force password attacks. Because this is specific to Linux, the coverage score is Minimal leading to an overall Minimal score.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Secure Boot should be enabled on your Linux virtual machine\" and \"Virtual machines should be attested for boot integrity health\" recommendations can lead to enabling secure boot on Linux VMs to mitigate these sub-techniques. Because this recommendation is specific to Linux VM and is a recommendation, its score is capped at Partial.", "attack-object-id": "T1542.001", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "This control's \"Secure Boot should be enabled on your Linux virtual machine\" and \"Virtual machines should be attested for boot integrity health\" recommendations can lead to enabling secure boot on Linux VMs to mitigate these sub-techniques. 
Because this recommendation is specific to Linux VM and is a recommendation, its score is capped at Partial.", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Container CPU and memory limits should be enforced\" recommendation can lead to preventing resource exhaustion attacks by recommending enforcing limits for containers to ensure the runtime prevents the container from using more than the configured resource limit. 
Because this is a recommendation, its score is capped at Partial.", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing modification of a Kubernetes container's file system which can mitigate this technique. Because this recommendation is specific to Kubernetes containers, its score is Minimal.", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing system files from being modified in Kubernetes containers thereby mitigating this sub-technique since adding an account (on Linux) requires modifying system files. Because this is a recommendation, its score is capped at Partial.", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the addition or modification of systemd service files in Kubernetes containers thereby mitigating this sub-technique. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1543"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the addition or modification of the file system in Kubernetes containers thereby mitigating this sub-technique. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1546"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing modifications to the file system in Kubernetes containers which can mitigate adversaries installing web shells. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1505"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the modification of the file system permissions in Kubernetes containers thereby mitigating this sub-technique. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1222"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing these sub-techniques which result in changes to the file system directly or indirectly during their execution. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1564.001", "attack-object-name": "Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1564"}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing these sub-techniques which result in changes to the file system directly or indirectly during their execution. 
Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1564.005", "attack-object-name": "Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1564"}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing these sub-techniques which result in changes to the file system directly or indirectly during their execution. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1564"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the addition or modification of config files in Kubernetes containers required to implement the behaviors described in these sub-techniques. Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing the addition or modification of config files in Kubernetes containers required to implement the behaviors described in these sub-techniques. 
Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to preventing this sub-technique which often modifies Pluggable Authentication Modules (PAM) components in the file system. 
Because this is a recommendation, and specific to Kubernetes containers, its score is assessed as Minimal.", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1556"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to mitigating this sub-technique by preventing modification of the local filesystem. Due to it being a recommendation, its score is capped at Partial.", "attack-object-id": "T1074.001", "attack-object-name": "Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1074"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. 
To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Immutable (read-only) root filesystem should be enforced for containers\" recommendation can lead to mitigating this sub-technique by preventing modification of the local filesystem. \n\nLikewise this control's recommendations related to using customer-managed keys to encrypt data at rest and enabling transparent data encryption for SQL databases can mitigate this sub-technique by reducing an adversary's ability to perform tailored data modifications.\n\nDue to it being a recommendation, its score is capped at Partial.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1565"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). 
Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Deprecated accounts should be removed from your subscription\" and \"Deprecated accounts with owner permissions should be removed from your subscription\" recommendation can lead to removing accounts that should not be utilized from your subscriptions thereby denying adversaries the usage of these accounts to find ways to access your data without being noticed. 
\nLikewise, the recommendations related to External account permissions can also mitigate this sub-technique.\nBecause these are recommendations and only limited to deprecated and external accounts, this is scored as Minimal.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "Security Center recommendations include recommendations to enable security controls that have already been mapped separately (e.g. \"Azure Defender for App Service should be enabled\"). Rather than including the (sub-)techniques that these controls map to within this mapping, consult the mapping files for these controls. To make this latter task easier, we have tagged all such controls with the \"Azure Security Center Recommendation\" tag.\nAll scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.\nIoT related recommendations were not included in this mapping.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference", "https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction"], "tags": ["Azure Security Center", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Security Center Recommendations", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", 
"https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may generate alerts based on unfamiliar or suspicious IP addresses, TOR exit node, and anonymous access. 
", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1080", 
"attack-object-name": "Taint Shared Content", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurestorage"], "tags": ["Azure Defender", "Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Defender for Storage", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], 
"mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on suspicious commandline activity. Alerts may be generated on possible detection of shellcode usage on the commandline, based on arguments, location, user, etc.", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1059"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on addition of new SSH keys to the 
authorized key file and unusual process access of the authorized key file.", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on a suspicious shared object file being loaded as a kernel module. 
No documentation is provided on the logic but kernel module loading is a relatively rare event and can only be done with a small set of commands.", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on usage of the useradd command to create new users and the creation of local user accounts with suspicious similarity to other account names.", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd 
alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on usage of web shells. No documentation is provided on logic for this detection.", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1505"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on the execution of hidden files. 
Since this control is only triggered on execution, it may not fire on a variety of hidden files or directories that are being utilized for malicious purposes.", "attack-object-id": "T1564.001", "attack-object-name": "Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1564"}, {"comments": "This control may alert on containers using privileged commands, running SSH servers, or running mining software.", "attack-object-id": "T1564.006", "attack-object-name": "Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1564"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on manipulation of the on-host firewall. 
Firewall rules should not be changed often in a standard environment and such an event can provide a high fidelity alert.", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "This control may alert on activity which disables auditd logging on Linux endpoints. The auditd package may not be the only logging system being utilized and this control may not alert on activity that disables other logging software.", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may alert on possible log tampering activity, including deletion of logs. 
No documentation is provided on which log sources are targeted by this control.", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1070"}, {"comments": "This control may alert on clearing of the command history file. Documentation is not provided on the logic for detecting when the command history is cleared but on Linux machines the location of the history file tends not to change from the default.", "attack-object-id": "T1070.003", "attack-object-name": "Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1070"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on suspicious compilation. 
No documentation is provided on the logic for determining a suspicious compilation event.", "attack-object-id": "T1027.004", "attack-object-name": "Compile After Delivery", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1027"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may alert on multiple successful and failed brute force attempts against SSH. There are no alerts for other methods of logging into Linux machines.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control may alert on multiple successful and failed brute force attempts against SSH. 
There are no alerts for other methods of logging into Linux machines.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control may alert on multiple successful and failed brute force attempts against SSH. There are no alerts for other methods of logging into Linux machines.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may alert on suspicious access to encrypted user passwords. 
The documentation does not reference \"/etc/passwd\" and \"/etc/shadow\" directly nor does it describe the logic in determining suspicious access.", "attack-object-id": "T1003.008", "attack-object-name": "/etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1003"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alerts on SSH brute force attempts, addition of new SSH keys, and usage of a SSH server within a container. 
Alerts may not be generated by usage of existing SSH keys by malicious actors for lateral movement.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Detections are periodic at an unknown rate.", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-linux"], "tags": ["Azure Defender", "Linux"], "mapping-description": "", "capability-id": "Linux auditd alerts and Log Analytics agent integration", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following alerts are available for Windows Defender security features being disabled but none for third party security tools: \"Antimalware broad files exclusion in your virtual machine\", \"Antimalware disabled and code execution in your virtual machine\", \"Antimalware disabled in your virtual machine\", \"Antimalware file exclusion and code execution in your virtual machine\", \"Antimalware file exclusion in your virtual machine\", \"Antimalware real-time protection was disabled in your virtual machine\", \"Antimalware real-time protection was disabled temporarily in your virtual machine\", \"Antimalware real-time protection was disabled temporarily while code was executed in your virtual machine\", \"Antimalware temporarily disabled in your virtual machine\", \"Antimalware unusual file exclusion in your virtual machine\".", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": 
["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on Permission Groups Discovery of Cloud Groups activity generated by specific toolkits, such as MicroBurst, PowerZure, etc. It may not generate alerts on undocumented discovery techniques or exploitation toolkits. 
The following alerts may be generated: \"MicroBurst exploitation toolkit used to enumerate resources in your subscriptions\", \"Azurite toolkit run detected\".", "attack-object-id": "T1069.003", "attack-object-name": "Cloud Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1069"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on Account Discovery of Cloud Accounts activity generated by specific toolkits, such as MicroBurst, PowerZure, etc. It may not generate alerts on undocumented discovery techniques or exploitation toolkits. 
The following alerts may be generated: \"PowerZure exploitation toolkit used to enumerate storage containers, shares, and tables\", \"PowerZure exploitation toolkit used to enumerate resources\", \"MicroBurst exploitation toolkit used to enumerate resources in your subscriptions\", \"Azurite toolkit run detected\".", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-resource-manager-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-resourcemanager"], "tags": ["Azure Defender"], "mapping-description": "", "capability-id": "Azure Defender for Resource Manager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. 
One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Can limit access to client management interfaces or configuration databases", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "Can limit access to client management interfaces or configuration databases", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to restrict clients to connecting (and therefore booting) from only trusted network resources.", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control can reduce the protocols available for data exfiltration. Temporal immediate, coverage substantial.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1048"}, {"comments": "This control can reduce the protocols available for data exfiltration. Temporal immediate, coverage substantial.", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1048"}, {"comments": "This control can reduce the protocols available for data exfiltration. 
Temporal immediate, coverage substantial.", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1048"}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. 
This results in an overall partial (coverage) score.", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. 
This results in an overall partial (coverage) score.", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. 
One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. 
One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "Note: one can employ Application 
Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1090"}, 
{"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. Not scoring ANH as a separate control.", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note: one can employ Application Security Groups (ASG) in Network Security Group (NSG) rules to map rules to workloads etc. Not scoring ASG as a separate control. One can employ Adaptive Network Hardening (ANH) to generate recommended NSG rules based on traffic, known trusted configuration, threat intelligence, and other inidcators of compromise. 
Not scoring ANH as a separate control.", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview", "https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works", "https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-network-hardening"], "tags": ["Adaptive Network Hardening", "Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to implement whitelist based network rules that can mitigate variations of this sub-techniques that result in opening closed ports for communication. Because this control is able to drop traffic before reaching a compromised host, it can effectively mitigate this port knocking sub-technique.", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Network Security Groups", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1205"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Rare processes run by Service accounts\" query can identify potential misuse of default accounts. Because this detection is specific to rare processes its coverage score is Minimal resulting in a Minimal score.", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "The following Azure Sentinel Hunting queries can identify potential compromise of domain accounts based on access attempts and/or account usage: \"Suspicious Windows Login outside normal hours\", \"User account added or removed from security group by an unauthorized user\", \"User Account added to Built in Domain Local or Global Group\", \"User Login IP Address Teleportation\", \"User made Owner of multiple teams\", \"Tracking Privileged Account Rare Activity\", \"New Admin account activity which was not seen historically\", \"New client running queries\", \"New users running queries\", \"Non-owner mailbox login activity\", \"Powershell or non-browser mailbox login activity\", \"Rare User Agent strings\", \"Same IP address with multiple csUserAgent\" which may indicate that an account is being used from a new device, \"Rare domains seen in Cloud Logs\" when 
accounts from uncommon domains access or attempt to access cloud resources, \"Same User - Successful logon for a given App and failure on another App within 1m and low distribution\", \"Hosts with new logons\", \"Inactive or new account signins\", \"Long lookback User Account Created and Deleted within 10mins\", \"Anomalous Geo Location Logon\", and \"Anomalous Sign-in Activity\".\nThe following Azure Sentinel Analytics queries can identify potential compromise of domain accounts based on access attempts and/or account usage: \"Anomalous User Agent connection attempt\", \"New UserAgent observed in last 24 hours\" which may indicate that an account is being used from a new device, \"Anomalous sign-in location by user account and authenticating application\", \"Anomalous login followed by Teams action\", \"GitHub Signin Burst from Multiple Locations\", \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", \"Failed Host logons but success logon to AzureAD\", and \"Anomalous RDP Login Detections\".", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The following Azure Sentinel Hunting queries can identify potential compromise of local accounts based on access attempts and/or account usage: \"Suspicious Windows Login outside normal hours\", \"User Login IP Address Teleportation\", \"User account added or removed from a security group by an unauthorized user\", \"User Account added to Built in Domain Local or Global Group\", \"User added to SQL Server SecurityAdmin Group\", \"User Role altered on SQL Server\", \"User made Owner of multiple teams\", \"Tracking Privileged Account Rare Activity\", and \"Anomalous Login to Devices\".\nThe following Azure Sentinel Analytics queries can identify potential compromise of 
local accounts based on access attempts and/or account usage: \"User account enabled and disabled within 10 mins\", \"Long lookback User Account Created and Deleted within 10mins\", \"Explicit MFA Deny\", \"Hosts with new logons\", \"Inactive or new account signins\", \"Anomalous SSH Login Detection\", and \"Anomalous RDP Login Detections\".", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The following Azure Sentinel Hunting queries can identify potential compromise of cloud accounts: \"New Admin account activity which was not seen historically\", \"New client running queries\", \"New users running queries\", \"User returning more data than daily average\", \"User Login IP Address Teleportation\", \"Non-owner mailbox login activity\", \"Powershell or non-browser mailbox login activity\", \"Rare User Agent strings\" and \"Same IP address with multiple csUserAgent\" which may indicate that an account is being used from a new device, \"Rare domains seen in Cloud Logs\", \"Same User - Successful logon for a given App and failure on another App within 1m and low distribution\", \"Anomalous Azure Active Directory Apps based on authentication location\", \"Anomalous Geo Location Logon\", \"Anomalous Sign-in Activity\", \"Azure Active Directory sign-in burst from multiple locations\", and \"Azure Active Directory signins from new locations\".\n\nThe following Azure Sentinel Analytics queries can identify potential compromise of cloud accounts: \"Anomalous User Agent connection attempt\" and \"New UserAgent observed in last 24 hours\", which may indicate that an account is being used from a new device which may belong to an adversary; \"Anomalous sign-in location by user account and authenticating application\", \"GitHub Signin 
Burst from Multiple Locations\", \"GitHub Activites from a New Country\", and \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", which may indicate adversary access from atypical locations; \"Azure Active Directory PowerShell accessing non-AAD resources\", \"Anomalous login followed by Teams action\", \"Login to AWS management console without MFA\", and \"Azure Active Directory PowerShell accessing non-AAD resources\" which may indicate an adversary attempting to use a valid account to access resources from other contexts. The \"Correlate Unfamiliar sign-in properties\" query can further enhance detection of anomalous activity.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious changes to Azure DevOps project resources: \"Azure DevOps - Project Visibility changed to public\" can identify a specific action that may be an indicator of an attacker modifying the cloud compute infrastructure. \"Azure DevOps - Public project created\" and \"Azure DevOps - Public project enabled by admin\" can identify specific instances of potential defense evasion.\nThe following Azure Sentinel Analytics queries can identify potentially malicious changes to Azure DevOps project resources: \"AzureDevops Service Connection Abuse\" can detect potential malicious behavior associated with use of large number of service connections, \"External Upstream Source added to Azure DevOps\" identifies a specific behavior that could compromise the DevOps build pipeline, \"Azure DevOps Pull Request Policy Bypassing - History\" can identify specific potentially malicious behavior that compromises the build process, \"Azure DevOps Pipeline modified by a New User\" identifies potentially malicious activity that could compromise the DevOps pipeline, \"Azure DevOps Administrator Group Monitoring\" monitors for specific activity which could compromise the build/release process, \"New Agent Added to Pool by New User or a New OS\" can detect a suspicious behavior that could potentially compromise DevOps pipeline.", 
"attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1195"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The \"Summary of user logons by logon type\" Azure Sentinel Hunting query compares successful and unsuccessful logon attempts to identify potential lateral movement.\nThe following Azure Sentinel Hunting queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"VIP account more than 6 failed logons in 10\", \"Multiple Failed Logon on SQL Server in Short time Span\", \"Permutations on logon attempts by UserPrincipalNames indicating potential brute force\", \"Potential IIS brute force\", \"Failed attempt to access Azure Portal\", 
\"Failed Login Attempt by Expired account\", \"Failed Logon Attempts on SQL Server\", \"Failed Logon on SQL Server from Same IPAddress in Short time Span\", \"Failed service logon attempt by user account with available AuditData\", \"Login attempt by Blocked MFA user\", \"Login spike with increase failure rate\", \"Attempts to sign-in to disabled accounts by IP address\", \"Attempts to sign-in to disabled accounts by account name\", \"Brute Force attack against Azure Portal\", and \"Anomalous Failed Logon\"\nThe following Azure Sentinel Analytics queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"Brute force attack against Azure Portal\", \"Password spray attack against Azure AD application\", \"Successful logon from IP and failure from a different IP\", \"Failed logon attempts in authpriv\", \"Failed AzureAD logons but success logon to host\", \"Excessive Windows logon failures\", \"Failed login attempts to Azure Portal\", \"Failed logon attempts by valid accounts within 10 mins\", \"Brute Force Attack against GitHub Account\", \"Distributed Password cracking attempts in AzureAD\", \"Potential Password Spray Attack\" based on periodic assessment of Azure Active Directory sign-in events and Okta console logins, \"Attempts to sign in to disabled accounts\", \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", \"High count of failed logins by a user\", \"Hi count of failed attempts same client IP\", \"SSH - Potential Brute Force\", and \"SecurityEvent - Multiple authentication failures followed by success\".", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "The \"Summary of user logons by logon type\" Azure Sentinel Hunting query compares successful and 
unsuccessful logon attempts to identify potential lateral movement.\nThe following Azure Sentinel Hunting queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"VIP account more than 6 failed logons in 10\", \"Multiple Failed Logon on SQL Server in Short time Span\", \"Permutations on logon attempts by UserPrincipalNames indicating potential brute force\", \"Potential IIS brute force\", \"Failed attempt to access Azure Portal\", \"Failed Login Attempt by Expired account\", \"Failed Logon Attempts on SQL Server\", \"Failed Logon on SQL Server from Same IPAddress in Short time Span\", \"Failed service logon attempt by user account with available AuditData\", \"Login attempt by Blocked MFA user\", \"Login spike with increase failure rate\", \"Attempts to sign-in to disabled accounts by IP address\", \"Attempts to sign-in to disabled accounts by account name\", \"Brute Force attack against Azure Portal\", and \"Anomalous Failed Logon\"\nThe following Azure Sentinel Analytics queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"Brute force attack against Azure Portal\", \"Password spray attack against Azure AD application\", \"Successful logon from IP and failure from a different IP\", \"Failed logon attempts in authpriv\", \"Failed AzureAD logons but success logon to host\", \"Excessive Windows logon failures\", \"Failed login attempts to Azure Portal\", \"Failed logon attempts by valid accounts within 10 mins\", \"Brute Force Attack against GitHub Account\", \"Distributed Password cracking attempts in AzureAD\", \"Potential Password Spray Attack\" based on periodic assessment of Azure Active Directory sign-in events and Okta console logins, \"Attempts to sign in to disabled accounts\", \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", \"High count of failed logins by a user\", \"Hi count of failed attempts same client IP\", \"SSH - Potential Brute Force\", and 
\"SecurityEvent - Multiple authentication failures followed by success\".", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "The \"Summary of user logons by logon type\" Azure Sentinel Hunting query compares successful and unsuccessful logon attempts to identify potential lateral movement.\nThe following Azure Sentinel Hunting queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"VIP account more than 6 failed logons in 10\", \"Multiple Failed Logon on SQL Server in Short time Span\", \"Permutations on logon attempts by UserPrincipalNames indicating potential brute force\", \"Potential IIS brute force\", \"Failed attempt to access Azure Portal\", \"Failed Login Attempt by Expired account\", \"Failed Logon Attempts on SQL Server\", \"Failed Logon on SQL Server from Same IPAddress in Short time Span\", \"Failed service logon attempt by user account with available AuditData\", \"Login attempt by Blocked MFA user\", \"Login spike with increase failure rate\", \"Attempts to sign-in to disabled accounts by IP address\", \"Attempts to sign-in to disabled accounts by account name\", \"Brute Force attack against Azure Portal\", and \"Anomalous Failed Logon\"\nThe following Azure Sentinel Analytics queries can identify potential attempts at credential brute force based on unsuccessful attempts: \"Brute force attack against Azure Portal\", \"Password spray attack against Azure AD application\", \"Successful logon from IP and failure from a different IP\", \"Failed logon attempts in authpriv\", \"Failed AzureAD logons but success logon to host\", \"Excessive Windows logon failures\", \"Failed login attempts to Azure Portal\", \"Failed logon attempts by valid accounts within 10 mins\", 
\"Brute Force Attack against GitHub Account\", \"Distributed Password cracking attempts in AzureAD\", \"Potential Password Spray Attack\" based on periodic assessment of Azure Active Directory sign-in events and Okta console logins, \"Attempts to sign in to disabled accounts\", \"Sign-ins from IPs that attempt sign-ins to disabled accounts\", \"High count of failed logins by a user\", \"Hi count of failed attempts same client IP\", \"SSH - Potential Brute Force\", and \"SecurityEvent - Multiple authentication failures followed by success\".", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"First access credential added to Application or Service Principal where no credential was present\" query can identify potentially malicious changes to Service Principal credentials.\nThe Azure Sentinel Analytics \"Credential added after admin consented to Application\" and \"New access credential added to Application or Service Principal\" queries can identify potentially malicious manipulation of additional cloud credentials.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Analytics queries can identify potentially malicious use of web protocols: \"Powershell Empire cmdlets seen in command line\" can identify use of Empire, which can perform command and control over protocols like HTTP and HTTPS. \"Request for single resource on domain\" can identify patterns that suggest possible command and control beaconing. The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious use of DNS: \"RareDNSLookupWithDataTransfer\" [sic] can identify data transfer over DNS, though it is contingent on DNS traffic meeting the requirements to be considered rare. \"Abnormally Long DNS URI queries\" can identify suspicious DNS queries that may be indicative of command and control operations. 
\"DNS - domain anomalous lookup increase\", \"DNS Full Name anomalous lookup increase\", and \"DNS lookups for commonly abused TLDs\" can identify increases in domain lookups for a client IP and indicate malicious traffic or exfiltration of sensitive data.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which can use Dropbox and GitHub for data exfiltration. The Azure Sentinel Analytics \"SharePointFileOperation via previously unseen IPs\" can detect potential exfiltration activity via SharePoint. 
The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1567"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which can use Dropbox and GitHub for data exfiltration. The Azure Sentinel Analytics \"SharePointFileOperation via previously unseen IPs\" can detect potential exfiltration activity via SharePoint. The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1567"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"High count of connections by client IP on many ports\" query can identify client IP addresses with 30 or more active ports used within a ten minute window, checked at a default frequency of once per hour, which may indicate scanning. Note that false positives are probable based on changes in usage patterns and/or misconfiguration, and this detection only works if scanning is not spread out over a longer timespan.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Hunting queries can identify potential exfiltration: \"Abnormally long DNS URI queries\" can identify potential exfiltration via DNS. 
\"Multiple users email forwarded to same destination\" and \"Office Mail Forwarding - Hunting Version\" can detect potential exfiltration via email.\nThe Azure Sentinel Analytics \"Multiple users email forwarded to same destination\" query can detect potential exfiltration via email. The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1048"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Security Event Log Cleared\" query can detect clearing of the security event logs, though not necessarily clearing of any arbitrary Windows event logs.", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The Azure Sentinel Hunting \"Windows System Time changed on hosts\" query can detect potential timestomping activities.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which can timestomp files and/or payloads on a target machine to help them blend in.", "attack-object-id": "T1070.006", "attack-object-name": "Timestomp", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1070"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which leverages PowerShell for the majority of its client-side agent tasks and can conduct PowerShell remoting. The coverage for these queries is minimal (specific to Empire) resulting in an overall Minimal score.", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Cscript script daily summary breakdown\" can detect potentially malicious scripting. The Azure Sentinel Hunting \"Hosts running a rare process with commandline\" query can identify uncommon command shell usage that may be malicious.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which has modules for executing Windows Command Shell scripts. 
The Azure Sentinel Analytics \"Base64 encoded Windows process command-lines\" query can identify Base64 encoded PE files being launched via the command line.", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Rare process running on a Linux host\" query can identify uncommon shell usage that may be malicious.", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Cscript script daily summary breakdown\" can detect potentially malicious scripting. The Azure Sentinel Hunting \"Hosts running a rare process with commandline\" query can identify uncommon command shell usage that may be malicious.", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript/JScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Cscript script daily summary breakdown\" can detect potentially malicious scripting. 
The Azure Sentinel Hunting \"Hosts running a rare process with commandline\" query can identify uncommon command shell usage that may be malicious.", "attack-object-id": "T1059.005", "attack-object-name": "Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The Azure Sentinel Hunting \"Cscript script daily summary breakdown\" can detect potentially malicious scripting. The Azure Sentinel Hunting \"Hosts running a rare process with commandline\" query can identify uncommon command shell usage that may be malicious.", "attack-object-id": "T1059.006", "attack-object-name": "Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious access to SharePoint: \"SharePointFileOperation via clientIP with previously unseen user agents\", \"SharePointFileOperation via devices with previously unseen user agents\", and \"SharePointFileOperation via previously unseen IPs\".\nThe Azure Sentinel Analytics \"SharePointFileOperation via devices with previously unseen user agents\" query can identify a high number of upload or download actions by an unknown and possible malicious actor.", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"New User created on SQL Server\" query can detect a specific type of potentially malicious local account creation.\nThe following Azure Sentinel Analytics queries can identify potentially malicious local account creation: \"Summary of users created using uncommon/undocumented commandline switches\" which can identify use of the net command to create user accounts, \"User created by unauthorized user\", \"User Granted Access and associated audit activity\" and \"User Granted Access and Grants others Access\" which may identify account creation followed by suspicious behavior, \"User account created and deleted within 10 mins\" which suggests an account may have existed only long enough to fulfill a malicious purpose, and \"Powershell Empire cmdlets seen in command line\" which can identify use of Empire, including for account creation.", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "The following 
Azure Sentinel Analytics queries can identify potentially malicious domain account creation: \"Summary of users created using uncommon/undocumented commandline switches\" which can identify use of the net command to create user accounts, \"User created by unauthorized user\", \"User Granted Access and associated audit activity\" and \"User Granted Access and Grants others Access\" which may identify account creation followed by suspicious behavior, \"User account created and deleted within 10 mins\" which suggests an account may have existed only long enough to fulfill a malicious purpose, and \"Powershell Empire cmdlets seen in command line\" which can identify use of Empire, including for account creation.", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "The Azure Sentinel Hunting queries can identify potentially malicious cloud account creation: \"External user added and removed in short timeframe\" and \"External user from a new organisation added\" can identify the addition of new external Teams user accounts.\nThe following Azure Sentinel Analytics queries can identify potentially malicious cloud account creation: \"User Granted Access and created resources\" which identifies a newly created user account gaining access and creating resources in Azure, and \"New Cloud Shell User\".", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of 
Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can identify use of Empire, which has the ability to collect emails on a target system. The coverage for these queries is minimal (specific to Empire) resulting in an overall Minimal score.", "attack-object-id": "T1114.001", "attack-object-name": "Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1114"}, {"comments": "The Azure Sentinel Hunting \"Suspect Mailbox Export on IIS/OWA\" query can identify potential malicious exfiltration hosting via IIS. The Azure Sentinel Hunting \"Host Exporting Mailbox and Removing Export\" query can identify potential exfiltration of data from Exchange servers. 
The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1114.002", "attack-object-name": "Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1114"}, {"comments": "The Azure Sentinel Hunting \"Mail redirect via ExO transport rule\" query can detect potentially malicious email redirection, but is limited to Exchange servers only.", "attack-object-id": "T1114.003", "attack-object-name": "Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1114"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Web shell command alert enrichment\", \"Web shell Detection\", and \"Web shell file alert enrichment\" queries can identify potentially malicious activity via web shell.", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1505"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channel", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Analytics queries can detect potentially malicious usage of asymmetric cryptography channels: \"DNS events related to ToR proxies\" can identify potential use of Tor, though it provides only minimal coverage because it only covers a set of common domains and is easily bypassed via hardcoded IP addresses, redirection, etc. \"Powershell Empire cmdlets seen in command line\" can identify use of Empire, which can use TLS to encrypt a command and control channel.", "attack-object-id": "T1573.002", "attack-object-name": "Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1573"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"DNS events related to ToR proxies\" query can identify potential use of Tor, though it provides only minimal coverage because it only covers a set of common domains and is easily bypassed via hardcoded IP addresses, redirection, etc.", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1090"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious modifications to Sentinel resources: \"Azure Sentinel Analytics Rules Administrative Operations\", \"Azure Sentinel Connectors Administrative Operations\", and \"Azure Sentinel Workbooks Administrative Operations\".\nThe Azure Sentinel Analytics \"Starting or Stopping HealthService to Avoid Detection\" query can detect potentially malicious disabling of telemetry collection/detection.\nThe coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Azure Sentinel Analytics \"Audit policy manipulation using auditpol utility\" query can detect potentially malicious to modification and/or disabling of logging via the auditpol utility. 
The coverage for these queries is minimal (specific to Audit policy) resulting in an overall Minimal score.", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The Azure Sentinel Hunting \"Azure Sentinel Analytics Rules Administrative Operations\" query can identify potential attempts to impair defenses by changing or deleting detection analytics.\nThe Azure Sentinel Analytics \"Azure DevOps - Retention Reduced to Zero\" query can identify that an adversary is looking to reduce their malicious activity's footprint by preventing retention of artifacts. Control is specific to indicators produced by Azure DevOps. The coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The following Azure Sentinel Hunting queries can identify potentially malicious modifications to cloud firewall resources: \"Azure Network Security Group NSG Administrative Operations\" query can identify potential defensive evasion involving changing or disabling network access rules. 
\"Port opened for an Azure Resource\" may indicate an adversary increasing the accessibility of a resource for easier collection/exfiltration.\nThe Azure Sentinel Analytics \"Security Service Registry ACL Modification\" query can detect attempts to modify registry ACLs, potentially done to evade security solutions.", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1562"}, {"comments": "The Azure Sentinel Analytics \"Exchange AuditLog disabled\" query can detect potentially malicious disabling of Exchange logs. The Azure Sentinel Analytics \"Azure DevOps Audit Stream Disabled\" query can identify disabling of Azure DevOps log streaming. The coverage for these queries is minimal (specific to these technologies) resulting in an overall Minimal score.", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Potential DGA detected\" query can detect clients with a high NXDomain count, which might indicate an adversary cycling through possible C2 domains where most C2s are not live.\nThe following Azure Sentinel Analytics queries can identify potential use of domain generation algorithms: \"Possible contact with a domain generated by a DGA\" and \"Potential DGA detected\" within DNS.", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1568"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following Azure Sentinel Analytics queries can identify potentially malicious use of Outlook rules: \"Office policy tampering\", \"Malicious Inbox Rule\" which can detect rules intended to delete emails that contain certain keywords (generally meant to warn compromised users about adversary behaviors), and \"Mail redirect via ExO transport rule\" (potentially to an adversary mailbox configured to collect mail).", "attack-object-id": "T1137.005", "attack-object-name": "Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1137"}, {"comments": "The Azure Sentinel Hunting \"Previously unseen bot or applicaiton added to Teams\" [sic] query can detect the addition of a potentially malicious add-in, but is specific to Microsoft Teams.", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1137"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd 
party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Azure Sentinel Analytics includes a \"Potential Kerberoasting\" query. Kerberoasting via Empire can also be detected using the Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query.", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect execution of these sub-techniques via Empire, but does not address other procedures.", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1558"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect execution of these sub-techniques via Empire, but does not address other procedures.", "attack-object-id": "T1558.002", "attack-object-name": "Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": 
"Detect", "score-value": "Minimal", "related-score": "T1558"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"anomalous RDP Activity\" query can detect potential lateral\nmovement employing RDP.\n\nThe following Azure Sentinel Analytics queries can identify potentially malicious use\nof RDP:\n\"Anomalous RDP Login Detections\", \"Multiple RDP connections from Single Systems\",\n\"Rare RDP Connections\", and \"RDP Nesting\".", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "The Azure Sentinel Hunting \"Anomalous Resource Access\" query can identify potential lateral movement via use of valid accounts to access network shares (Windows Event 4624:3).", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can utilize Invoke-DCOM to leverage remote COM execution for lateral movement, but does not address other procedures.", "attack-object-id": 
"T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which contains modules for executing commands over SSH as well as in-memory VNC agent injection, but does not address other procedures. Azure Sentinel Analytics also provides a \"New internet-exposed SSH endpoints\" query.\nThe coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Azure DevOps - Variable Secret Not Secured\" query can identify credentials stored in the build process and protect against future credential access by suggesting that they be moved to a secret or stored in KeyVault before they can be accessed by an adversary.\nThe coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "The Azure Sentinel Hunting \"Query looking for secrets\" query can identify potentially malicious database requests for secrets like passwords or other credentials.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use various modules to search for files containing passwords, but does not address other procedures.\nThe coverage for these queries is minimal resulting in an overall Minimal score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Minimal", "related-score": "T1552"}, {"comments": "The Azure Sentinel Analytics \"ADFS DKM Master Key Export\" and \"ADFS Key Export (Sysmon)\" queries can detect potentially malicious access intended to decrypt access tokens. The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use modules to extract private key and session information, but does not address other procedures.\nThe coverage for these queries is minimal (specific to Empire, ADFS) resulting in an overall Minimal score.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Rare client observed with high reverse DNS lookup count\" query can detect if a particular IP is observed performing an unusually high number of reverse DNS lookups and has not been observed doing so previously.", "attack-object-id": "T1590.002", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1590"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which includes various modules to attempt to bypass UAC for privilege escalation, but does not address other procedures.", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can be used to make tokens via Invoke-RunAs and add a SID-History to a user if on a domain controller, but does not address other procedures.", "attack-object-id": "T1134.002", "attack-object-name": "Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1134"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can be used to make tokens via Invoke-RunAs and add a SID-History to a user if on a domain controller, but does not address other procedures.", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1134"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were 
omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Enumeration of users and groups\" query can identify potentially malicious account discovery through the use of the net tool.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can acquire local and domain user account information, but does not address other procedures.", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1087"}, {"comments": "The Azure Sentinel Hunting \"Enumeration of users and groups\" query can identify potentially malicious account discovery through the use of the net tool.\nThe Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can acquire local and domain user account information, but does not address other procedures.", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1087"}, {"comments": "The Azure Sentinel Analytics \"Mail.Read Permissions Granted to Application\" query can identify applications that may have been abused to gain access to mailboxes.", "attack-object-id": "T1087.003", "attack-object-name": "Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1087"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can enumerate SSPs, install malicious SSPs, persist by modifying .lnk files to include backdoors, and modify the registry run keys, but does not address other procedures.", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can enumerate SSPs, install malicious SSPs, persist by modifying .lnk files to include backdoors, and modify the registry run keys, but does not address other procedures.", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can enumerate SSPs, install malicious SSPs, persist by modifying .lnk 
files to include backdoors, and modify the registry run keys, but does not address other procedures.", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1217", "attack-object-name": "Browser Bookmark Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1115", "attack-object-name": "Clipboard Data", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can modify service binaries and restore them to their original states, but does not address other procedures.", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1543"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can extract passwords from common web browsers including Firefox and Chrome, but does not address other procedures.", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Web Browsers", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1555"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can modify group policy objects to install and execute malicious scheduled tasks, but does not address other procedures.", "attack-object-id": "T1484.001", "attack-object-name": "Group Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1484"}, {"comments": "The Azure Sentinel Analytics \"Modified Domain Federation Trust Settings\" query can detect potentially malicious changes to domain trust settings.", "attack-object-id": "T1484.002", "attack-object-name": "Domain Trust Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1484"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can leverage WMI debugging to remotely replace binaries like seth.exe, utilman.exe, and magnify.exe with cmd.exe, but does not address other procedures.", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1546"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can discover and exploit DLL hijacking opportunities, path interception opportunities in the PATH environment variable, search order hijacking vulnerabilities, and unquoted path vulnerabilities, but does not address other procedures.", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can discover and exploit DLL hijacking opportunities, path interception opportunities in the PATH environment variable, search order hijacking vulnerabilities, and unquoted path vulnerabilities, but does not address other procedures.", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire 
cmdlets seen in command line\" query can detect the use of Empire, which can discover and exploit DLL hijacking opportunities, path interception opportunities in the PATH environment variable, search order hijacking vulnerabilities, and unquoted path vulnerabilities, but does not address other procedures.", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can discover and exploit DLL hijacking opportunities, path interception opportunities in the PATH environment variable, search order hijacking vulnerabilities, and unquoted path vulnerabilities, but does not address other procedures.", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which includes keylogging capabilities for both Windows and Linux and contains modules that leverage API hooking to carry out tasks, but does not address other procedures.", "attack-object-id": "T1056.001", "attack-object-name": "Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1056"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which includes keylogging capabilities for both Windows and Linux and contains modules that leverage API hooking to carry out tasks, but does not address other procedures.", "attack-object-id": "T1056.004", "attack-object-name": "Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1056"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC 
information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use Inveigh to conduct name service poisoning for credential theft and associated relay attacks, but does not address other procedures.", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1557"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which contains an implementation of Mimikatz to gather credentials from memory, but does not address other procedures.", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Editing Linux scheduled tasks through Crontab\" query can detect potentially malicious modification of cron jobs.", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can interact with the Windows task scheduler, but does not address other procedures.", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information 
were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1518", "attack-object-name": "Software Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can enumerate antivirus software on the target, but does not address other procedures.", "attack-object-id": "T1518.001", "attack-object-name": "Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1518"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1016", "attack-object-name": "System Network Configuration Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use PsExec to execute a payload on a remote host, but does not address other procedures.", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1569"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use abuse trusted utilities including MSBuild.exe, but does not address other procedures.", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1127"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Azure DevOps - PAT used with Browser.\" query can identify potentially malicious usage of Personal Access Tokens intended for code or applications to be used through the web browser.", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1550"}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can perform pass the hash attacks, but does not address other procedures.", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1550"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1125", "attack-object-name": "Video Capture", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Powershell Empire cmdlets seen in command line\" query can detect the use of Empire, which can use Dropbox and GitHub for command and control, but does not address other procedures.", "attack-object-id": "T1102.002", "attack-object-name": "Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1102"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Analytics \"Malware in the recycle bin\" query can detect local hidden malware.", "attack-object-id": "T1074.001", "attack-object-name": "Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1074"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Exes with double file extension and access summary\" can identify malicious executable files that have been hidden as other file types.", "attack-object-id": "T1036.004", "attack-object-name": "Masquerade Task or Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1036"}, {"comments": "The Azure Sentinel Hunting \"Masquerading Files\" and \"Rare Process Path\" queries can detect an adversary attempting to make malicious activity blend in with legitimate commands and files. The Azure Sentinel Hunting \"Azure DevOps Display Name Changes\" query can detect potentially maliicous changes to the DevOps user display name.", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. 
Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following capabilities of Azure Sentinel were mapped: Default list of Azure Sentinel Analytics (from the rule template list) Default list of Azure Sentinel Hunting queries\nQueries based on 3rd party analytics and/or specific IOC information were omitted from this mapping. 
Query names are identified in quotes throughout this mapping.\nAzure Sentinel Analytics queries are generally periodic, typically on a period of one or more hours.\nAzure Sentinel Hunting queries are performed on demand. Note also that a number of the Hunting queries are examples that can be modified for additional use, but scoring was performed on the queries as-written.", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": ["https://docs.microsoft.com/en-us/azure/sentinel/overview", "https://docs.microsoft.com/en-us/azure/sentinel/hunting"], "tags": ["Analytics", "Threat Hunting"], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The Azure Sentinel Hunting \"Enumeration of users and groups\" query can identify potentially malicious group discovery through the use of the net tool.", "attack-object-id": "T1069.002", "attack-object-name": "Domain Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1069"}, {"comments": "The Azure Sentinel Hunting \"Enumeration of users and groups\" query can identify potentially malicious group discovery through the use of the net tool.", "attack-object-id": "T1069.001", "attack-object-name": "Local Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Sentinel", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1069"}, {"comments": "Most scores have been assessed as Partial because this control increases the strength of user passwords thereby reducing the likelihood of a successful brute force attack. 
But given sufficient resources, an adversary may still successfully execute the attack vectors included in this mapping.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts"], "tags": ["Azure Active Directory", "Credentials", "Identity", "Passwords"], "mapping-description": "", "capability-id": "Azure AD Password Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "The password restrictions provided by the default Password policy along with the lockout threshold and duration settings is an effective protection against this Password Guessing sub-technique.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Password Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "The password restrictions provided by the default Password policy can provide partial protection against password cracking but a determined adversary with sufficient resources can still be successful with this attack vector.\nIn regards to Credential Stuffing, the password policy's lockout threshold can be partially effective in mitigating this sub-technique as it may lock the account before the correct credential is attempted. Although with credential stuffing, the number of passwords attempted for an account is often (much) fewer than with Password Guessing reducing the effectiveness of a lockout threshold. 
This led to its score being assessed as Partial rather than Significant (as was assessed for Password Guessing).", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Password Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "The password restrictions provided by the default Password policy can provide partial protection against password cracking but a determined adversary with sufficient resources can still be successful with this attack vector.\nIn regards to Credential Stuffing, the password policy's lockout threshold can be partially effective in mitigating this sub-technique as it may lock the account before the correct credential is attempted. Although with credential stuffing, the number of passwords attempted for an account is often (much) fewer than with Password Guessing reducing the effectiveness of a lockout threshold. 
This led to its score being assessed as Partial rather than Significant (as was assessed for Password Guessing).", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Password Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The following alert of this control is able to detect domain account discovery: \"Account enumeration reconnaissance (external ID 2003)\". 
This shouldn't occur frequently and therefore the false positive rate should be minimal.\nThe \"Security principal reconnaissance (LDAP) (external ID 2038)\" alert is also relevant and its machine learning capabilities should reduce the false positive rate.\nThe \"User and IP address reconnaissance (SMB) (external ID 2012)\" alert can also provide a detection on a variation of this sub-technique.", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1087"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": 
"technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Security principal reconnaissance (LDAP) (external ID 2038)\" alert can be used to detect when an adversary \"perform suspicious LDAP enumeration queries or queries targeted to sensitive groups that use methods not previously observed.\" This alert employs machine learning which should reduce the number of false positives.\nAdditionally, this control's \"User and Group membership reconnaissance (SAMR) (external ID 2021)\" alert can detect this sub-technique and also employs machine learning which should reduce the false-positive rate.", "attack-object-id": "T1069.002", "attack-object-name": "Domain Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1069"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of 
Remote Services", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Suspected identity theft (pass-the-hash) (external ID 2017)\" alert specifically looks for pass-the-hash attacks but there is not enough information to determine its effectiveness and therefore a conservative assessment of a Partial score is assigned.\nThis control's \"Suspected identity theft (pass-the-ticket) (external ID 2018)\" alert specifically looks for pass-the-ticket attacks but there is not enough information to determine its effectiveness and therefore a conservative assessment of a Partial score is assigned.", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1550"}, {"comments": "This control's \"Suspected identity theft 
(pass-the-hash) (external ID 2017)\" alert specifically looks for pass-the-hash attacks but there is not enough information to determine its effectiveness and therefore a conservative assessment of a Partial score is assigned.\nThis control's \"Suspected identity theft (pass-the-ticket) (external ID 2018)\" alert specifically looks for pass-the-ticket attacks but there is not enough information to determine its effectiveness and therefore a conservative assessment of a Partial score is assigned.", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1550"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspected NTLM relay attack (Exchange account) (external ID 2037)\" alert can detect NTLM relay attack specific to the Exchange service. 
Because this detection is limited to this variation of the sub-technique, its coverage score is Minimal resulting in an overall Minimal score.", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1557"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Suspected Brute Force attack (Kerberos, NTLM) (external ID 2023)\" alert can detect these brute force sub-techniques. 
It incorporates a machine learning feature that should reduce the number of false positives.\nSimilarly, its \"Suspected Brute Force attack (LDAP) (external ID 2004)\" alert can detect brute force attacks using LDAP simple binds.\nThe \"Suspected Brute Force attack (SMB) (external ID 2033)\" alert is also relevant but the details are sparse.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control's \"Suspected Brute Force attack (Kerberos, NTLM) (external ID 2023)\" alert can detect these brute force sub-techniques. It incorporates a machine learning feature that should reduce the number of false positives.\nSimilarly, its \"Suspected Brute Force attack (LDAP) (external ID 2004)\" alert can detect brute force attacks using LDAP simple binds.\nThe \"Suspected Brute Force attack (SMB) (external ID 2033)\" alert is also relevant but the details are sparse.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", 
"capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Suspected Kerberos SPN exposure (external ID 2410)\" alert is able to detect when an attacker use tools to enumerate service accounts and their respective SPNs (Service principal names), request a Kerberos service ticket for the services, capture the Ticket Granting Service (TGS) tickets from memory and extract their hashes, and save them for later use in an offline brute force attack. \nSimilarly its \"Suspected AS-REP Roasting attack (external ID 2412)\" alert is able to detect AS-REP Roasting sub-technique.\nThe accuracy of these alerts is unknown and therefore its score has been assessed as Partial.", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control's \"Suspected Kerberos SPN exposure (external ID 2410)\" alert is able to detect when an attacker use tools to enumerate service accounts and their respective SPNs (Service principal names), request a Kerberos service ticket for the services, capture the Ticket Granting Service (TGS) tickets from memory and extract their hashes, and save them for later use in an offline brute force attack. 
\nSimilarly its \"Suspected AS-REP Roasting attack (external ID 2412)\" alert is able to detect AS-REP Roasting sub-technique.\nThe accuracy of these alerts is unknown and therefore its score has been assessed as Partial.", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control has numerous alerts that can detect Golden Ticket attacks from multiple perspectives. The accuracy of these alerts is unknown resulting in a partial score.", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1555", 
"attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Malicious request of Data Protection API master key (external ID 2020)\" alert can be used to detect when an attacker attempts to utilize the Data Protection API (DPAPI) to decrypt sensitive data using the backup of the master key stored on domain controllers. DPAPI is used by Windows to securely protect passwords saved by browsers, encrypted files, and other sensitive data. This alert is specific to using DPAPI to retrieve the master backup key and therefore provides minimal coverage resulting in a Minimal score.", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Web Browsers", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1555"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": 
"Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Remote code execution attempt (external ID 2019)\" alert can detect Remote code execution via Powershell. This may lead to false positives as administrative workstations, IT team members, and service accounts can all perform legitimate administrative tasks against domain controllers. 
Additionally, this alert seems to be specific to detecting execution on domain controllers and AD FS servers, limiting its coverage.", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Remote code execution attempt (external ID 2019)\" alert can detect Remote code execution via Psexec. This may lead to false positives as administrative workstations, IT team members, and service accounts can all perform legitimate administrative tasks against domain controllers. 
Additionally, this alert seems to be specific to detecting execution on domain controllers and AD FS servers, limiting its coverage.\nThis control's \"Data exfiltration over SMB (external ID 2030)\" alert may also be able to detect exfiltration of sensitive data on domain controllers using SMB.\n", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Remote code execution attempt (external ID 2019)\" alert can detect Remote code execution via Psexec. This may lead to false positives as administrative workstations, IT team members, and service accounts can all perform legitimate administrative tasks against domain controllers. 
Additionally, this alert seems to be specific to detecting execution on domain controllers and AD FS servers, limiting its coverage.", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1569"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1207", "attack-object-name": "Rogue Domain Controller", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspected DCSync attack (replication of directory services) (external ID 2006)\" alert can detect DCSync attacks. 
The false positive rate should be low due to the identity of domain controllers on the network changing infrequently and therefore replication requests received from non-domain controllers should be a red flag.", "attack-object-id": "T1003.006", "attack-object-name": "DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1003"}, {"comments": "The documentation for this control's \"Data exfiltration over SMB (external ID 2030)\" alert implies that it may be able to detect the transfer of sensitive data such as the Ntds.dit on monitored domain controllers. This is specific to domain controllers and therefore results in a reduced coverage score.", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspected skeleton key attack (encryption downgrade) (external ID 2010)\" alert can detect skeleton attacks. 
This alert provides partial protection as it detects on a specific type of malware, Skeleton malware, and its usage of weaker encryption algorithms to hash the user's passwords on the domain controller. The description of the alert implies it utilizes machine learning to look for anomalous usage of weak encryption algorithms which should result in a reduced false positive rate.", "attack-object-id": "T1556.001", "attack-object-name": "Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1556"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": 
"technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspicious service creation (external ID 2026)\" alert is able to detect suspicious service creation on a domain controller or AD FS server in your organization. As a result of this detecting being specific to these hosts, the coverage score is Minimal resulting in Minimal detection.", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1543"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspicious communication over DNS (external ID 2031)\" alert can detect malicious communication over DNS used for data exfiltration, command, and control, and/or evading corporate network restrictions. 
The accuracy of this control is unknown and therefore its score has been assessed as Partial.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "Understandably (to avoid enabling adversaries to circumvent the detection), many of the detections provided by this control do not provide a detailed description of the detection logic making it often times difficult to map to ATT&CK Techniques.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/defender-for-identity/what-is"], "tags": ["Credentials", "DNS", "Identity", "Microsoft 365 Defender", "Windows"], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Suspicious communication over DNS (external ID 2031)\" alert can detect malicious communication over DNS used for data exfiltration, command, and control, and/or evading corporate network restrictions. The accuracy of this control is unknown and therefore its score has been assessed as Partial.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Defender for Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control provides alerts for suspicious activity for Azure Key Vault. Documentation has been offered on how to respond to alerts but no specific tool or feature is offered for response. 
", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurekv"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Credentials"], "mapping-description": "", "capability-id": "Azure Defender for Key Vault", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control provides alerts for suspicious activity for Azure Key Vault. Documentation has been offered on how to respond to alerts but no specific tool or feature is offered for response. ", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurekv"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Credentials"], "mapping-description": "", "capability-id": "Azure Defender for Key Vault", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-kubernetes-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-akscluster"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Kubernetes", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", 
"references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-kubernetes-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-akscluster"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Kubernetes", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-kubernetes-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-akscluster"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Kubernetes", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-kubernetes-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-akscluster"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Kubernetes", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Adaptive Application 
Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is activated, it generates alerts for any executable that has been run and is not included in an allow list. There is a significant potential for false positives from new non-malicious executables, and events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1204"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Path-based masquerading may subvert path-based rules within this control, resulting in false negatives, but hash and publisher-based rules will still detect untrusted executables. 
Events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Malicious files of this type would be unlikely to evade detection from any form of allow list. Events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1036.006", "attack-object-name": "Space after Filename", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Because signatures generated via this technique are not valid, these malicious executables would be detected via any form of allow list, including publisher-based. 
Events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. While publisher-based allow lists may fail to detect malicious executables with valid signatures, hash and path-based rules will still detect untrusted executables. 
Events are calculated once every twelve hours, so its temporal score is Partial.", "attack-object-id": "T1553.002", "attack-object-name": "Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Adaptive Application Controls", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Note that MFA that is triggered in response to privileged operations (such as assigning a user a privileged role) are considered functionality of the Azure AD Privileged Identity Management control. Consult the mapping for this control for the ATT&CK (sub-)techniques it maps to. 
This mapping specifically deals with MFA when it is enabled as a security default.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Credentials", "Identity", "Passwords", "MFA"], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Note that MFA that is triggered in response to privileged operations (such as assigning a user a privileged role) are considered functionality of the Azure AD Privileged Identity Management control. Consult the mapping for this control for the ATT&CK (sub-)techniques it maps to. This mapping specifically deals with MFA when it is enabled as a security default.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Credentials", "Identity", "Passwords", "MFA"], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted. This is an incomplete protection measure though as the adversary may also have obtained credentials enabling bypassing the additional authentication method. ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Multi-Factor Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control reduces the likelihood of MiTM for traffic between remote users, cloud, and 3rd parties by routing the traffic via the Microsoft backbone rather than over the Internet.", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1557"}, {"comments": "This control reduces the likelihood of MiTM for traffic between remote users, cloud, and 3rd parties by routing the traffic via the Microsoft backbone rather than over the Internet.", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1557"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control reduces the likelihood of data manipulation for traffic between remote users, cloud, and 3rd parties by routing the traffic via the Microsoft backbone rather than over the Internet.", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1565"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1498"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1498"}, {"comments": "This is a private network service, allowing connections between Azure, on-prem, and 3rd party services without traversing the Internet. 
Generally this reduces risk from MiTM, DOS, network-based data manipulation and network sniffing from untrusted network.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/azure/private-link/private-link-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Private Link", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Note there is also a Managed HSM service.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/dedicated-hsm/overview", "https://docs.microsoft.com/en-us/azure/key-vault/managed-hsm/"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Provides significant protection of private keys.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1552"}, {"comments": "Note there is also a Managed HSM service.", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://docs.microsoft.com/en-us/azure/dedicated-hsm/overview", "https://docs.microsoft.com/en-us/azure/key-vault/managed-hsm/"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Certificate credentials can be vaulted in an HSM thereby reducing its attack surface.", "attack-object-id": "T1588.004", 
"attack-object-name": "Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "Certificate credentials can be vaulted in an HSM thereby reducing its attack surface.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1588"}, {"comments": "Note there is also a Managed HSM service.", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://docs.microsoft.com/en-us/azure/dedicated-hsm/overview", "https://docs.microsoft.com/en-us/azure/key-vault/managed-hsm/"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Certificate credentials can be vaulted in an HSM thereby reducing its attack surface.", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "Certificate credentials can be vaulted in an HSM thereby reducing its attack surface.", "attack-object-id": "T1553.002", "attack-object-name": "Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Dedicated HSM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "This control generally applies to techniques that 
leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides coverage of some aspects of software supply chain compromise since it enables automated updates of software and rapid configuration change management.", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1195"}, {"comments": "This control provides coverage of some aspects of software supply chain compromise since it enables automated updates of software and rapid configuration change management.", "attack-object-id": "T1195.001", "attack-object-name": "Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1195"}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. 
", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. 
", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. 
", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides significant protection against Denial of Service (DOS) attacks that leverage system/application vulnerabilities as opposed to volumetric attacks since it enables automated updates of software and rapid configuration change management.", "attack-object-id": "T1499.004", "attack-object-name": "Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1499"}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. 
", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control generally applies to techniques that leverage vulnerabilities in unpatched software, which can be specific techniques sub-techniques. ", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/azure/automation/update-management/overview"], "tags": ["Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Automation Update Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": ["https://docs.microsoft.com/en-us/azure/dns/dns-alias#prevent-dangling-dns-records"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Alias Records", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Alias records prevent dangling references by tightly coupling the life cycle of a DNS record with an Azure resource. For example, consider a DNS record that's qualified as an alias record to point to a public IP address or a Traffic Manager profile. If you delete those underlying resources, the DNS alias record becomes an empty record set. It no longer references the deleted resource. 
This control is effective for protecting DNS records that resolve to Azure resources but does not offer protection for records pointing to non-Azure resources, resulting in a Partial score.", "attack-object-id": "T1584.001", "attack-object-name": "Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Alias Records", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1584"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the accounts that can be used for account discovery.", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1087"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. 
This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit what an adversary can do with a valid account.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can create accounts.", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1136"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts.", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.", "attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1578"}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1578"}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": 
"T1578"}, {"comments": "This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.", "attack-object-id": "T1578.004", "attack-object-name": "Revert Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1578"}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "RBAC enables organizations to limit the number of users within the organization with an IAM role that has administrative privileges. This enables limiting the number of users within the tenant that have privileged access thereby resulting in a reduced attack surface and a coverage score factor of Partial. 
Most sub-techniques have been scored as Partial for this reason.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/azure/role-based-access-control/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Role Based Access Control", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is still in preview, so its coverage will likely expand in the future. This mapping is based on its current (preview) state.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/other-threat-protections", "https://docs.microsoft.com/en-us/azure/cosmos-db/cosmos-db-advanced-threat-protection"], "tags": ["Azure Security Center", "Database"], "mapping-description": "", "capability-id": "Alerts for Azure Cosmos DB", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control triggers an alert when there is a change in the access pattern to an Azure Cosmos account based on access from an unusual geographical location. False positives are fairly likely and misuse from a typical location is not covered, so score is Minimal. Relevant alert is \"Access from an unusual location to a Cosmos DB account\"", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for Azure Cosmos DB", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This control is still in preview, so its coverage will likely expand in the future. 
This mapping is based on its current (preview) state.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/other-threat-protections", "https://docs.microsoft.com/en-us/azure/cosmos-db/cosmos-db-advanced-threat-protection"], "tags": ["Azure Security Center", "Database"], "mapping-description": "", "capability-id": "Alerts for Azure Cosmos DB", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.001", "attack-object-name": "At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.002", "attack-object-name": "At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.003", "attack-object-name": "Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of scheduled tasks. 
This control may also detect changes to files used by cron or systemd to create/modify scheduled tasks. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1053.006", "attack-object-name": "Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1053"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect changes to the SSH authorized keys file which may indicate establishment of persistence. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1098"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.002", "attack-object-name": "Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.003", "attack-object-name": "Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.004", "attack-object-name": "Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.006", "attack-object-name": "Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.008", "attack-object-name": "LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.009", "attack-object-name": "Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.010", "attack-object-name": "Port Monitors", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "This control may detect changes to the Windows registry or files that enable Boot or Logon Autostart Execution. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1547.012", "attack-object-name": "Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1547"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. 
\nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of logon scripts. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1037.001", "attack-object-name": "Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1037"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of logon scripts. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1037"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of Windows services. This control may also detect changes to files used by systemd to create/modify systemd services. 
The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1543.002", "attack-object-name": "Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1543"}, {"comments": "This control may detect changes to the Windows registry upon creation or modification of Windows services. This control may also detect changes to files used by systemd to create/modify systemd services. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1543"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. 
Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.001", "attack-object-name": "Change Default File Association", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.002", "attack-object-name": "Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.004", "attack-object-name": ".bash_profile and .bashrc", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.007", "attack-object-name": "Netsh Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.009", "attack-object-name": "AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.011", "attack-object-name": "Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. 
This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.012", "attack-object-name": "Image File Execution Options Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "This control may detect changes to the Windows registry or files that indicate event triggered execution. The specificity of registry keys and files used in creation or modification of these scheduled tasks may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1546.013", "attack-object-name": "PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1546"}, {"comments": "The detection score for this group of sub-techniques is assessed as Minimal due to the accuracy component of the score. The registry keys which are modified as a result of these sub-techniques can change frequently or are too numerous to monitor and therefore can result in significant amount of false positives.\n", "attack-object-id": "T1546.010", "attack-object-name": "AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1546"}, {"comments": "The detection score for this group of sub-techniques is assessed as Minimal due to the accuracy component of the score. 
The registry keys which are modified as a result of these sub-techniques can change frequently or are too numerous to monitor and therefore can result in significant amount of false positives.\n", "attack-object-id": "T1546.015", "attack-object-name": "Component Object Model Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1546"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect changes to the ld.so.preload file which may indicate an attempt to hijack execution flow. This sub-technique may also be utilized through an environment variable which this control may not detect. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1574.006", "attack-object-name": "LD_PRELOAD", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1574"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect changes to the Windows registry to establish persistence with the Office Test sub-technique. The specificity of registry keys involved may reduce the false positive rate. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1137.002", "attack-object-name": "Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1137"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Some UAC bypass methods rely on modifying specific, user-accessible Registry settings that can be monitored using this control. Overall, there are numerous other bypass methods that do not result in Registry modification that this control will not be effective in detection resulting in a low detection coverage factor.", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "This control may detect changes to the sudoers file which may indicate privilege escalation. This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1548.003", "attack-object-name": "Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1548"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. 
\nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The Registry key used to register a Password Filter DLL can be monitored for changes using this control providing substantial coverage of this sub-technique. This key should not change often and therefore false positives should be minimal. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1556.002", "attack-object-name": "Password Filter DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1556"}, {"comments": "The PAM configuration and module paths (/etc/pam.d/) can be monitored for changes using this control. 
The files in this path should not change often and therefore false positives should be minimal. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1556.003", "attack-object-name": "Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1556"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to detect the Windows Security Support Provider (SSP) DLLs variation of this sub-technique by monitoring the Registry keys used to register these DLLs. These keys should change infrequently and therefore false positives should be minimal. ", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1003"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. 
Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect changes to the permissions of Windows and Linux files and can be used to detect modifications to sensitive directories and files that shouldn't change frequently. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1222.001", "attack-object-name": "Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1222"}, {"comments": "This control can detect changes to the permissions of Windows and Linux files and can be used to detect modifications to sensitive directories and files that shouldn't change frequently. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1222.002", "attack-object-name": "Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1222"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. 
\nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to monitor Registry keys related to security software or event logging processes that can detect when an adversary attempts to disable these tools via modifying or deleting Registry keys. 
A majority of the cited procedure examples for this sub-technique are related to killing security processes rather than modifying the Registry, and therefore the detection coverage for this control is low.", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "There are numerous ways depending on the operating system that these sub-techniques can be accomplished. Monitoring the Windows Registry is one way depending on the procedure chosen to implement the sub-technique and therefore the overall coverage is low.", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "There are numerous ways depending on the operating system that these sub-techniques can be accomplished. Monitoring the Windows Registry is one way depending on the procedure chosen to implement the sub-technique and therefore the overall coverage is low.", "attack-object-id": "T1562.006", "attack-object-name": "Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1562"}, {"comments": "The techniques included in this mapping result in Windows Registry or file system artifacts being created or modified which can be detected by this control. \nThe detection score for most techniques included in this mapping was scored as Significant and where there are exceptions, comments have been provided. 
This Significant score assessment was due to the following factors: Coverage - (High) The control was able to detect most of the sub-techniques, references and procedure examples of the mapped techniques. Accuracy - (High) Although this control does not include built-in intelligence to minimize the false positive rate, the specific artifacts generated by the techniques in this mapping do not change frequently and therefore the potential for a high false-positive is reduced. Temporal - (Medium) This control at worst scans for changes on an hourly basis.\n", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-file-integrity-monitoring"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender", "Azure Defender for Servers", "Windows", "Linux"], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect modifications made to the Registry keys used to register Windows Subject Interface Packages (SIPs). Because this sub-technique can be accomplished without modifying the Registry via DLL Search Order Hijacking, it has been scored as Partial. The related Registry keys should not change often and therefore the false positive rate should be minimal. 
This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1553.003", "attack-object-name": "SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "This control can be used to detect when the system root certificates has changed by detecting the corresponding Registry or File system modifications that occur as a result. These root certificates should not change often and therefore the false positive rate is minimal. This control at worst scans for changes on an hourly basis.", "attack-object-id": "T1553.004", "attack-object-name": "Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "File Integrity Monitoring", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1553"}, {"comments": "Azure Backup service provides defense against destruction/manipulation of data at rest. Scoring as \"Significant\" since it is an essential practice against data destruction et al, and can eradicate the threat event by restoring from backup.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/backup/backup-overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "Azure Backup service provides defense against destruction/manipulation of data at rest. 
Scoring as \"Significant\" since it is an essential practice against data destruction et al, and can eradicate the threat event by restoring from backup.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.microsoft.com/en-us/azure/backup/backup-overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "Azure Backup service provides defense against destruction/manipulation of data at rest. Scoring as \"Significant\" since it is an essential practice against data destruction et al, and can eradicate the threat event by restoring from backup.", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://docs.microsoft.com/en-us/azure/backup/backup-overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "Data backups provide a significant response to external or internal data defacement attacks by enabling the restoration of data from backup.", "attack-object-id": "T1491.002", "attack-object-name": "External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1491"}, {"comments": "Data backups provide a significant response to external or internal data defacement attacks by enabling the restoration of data from backup.", "attack-object-id": "T1491.001", "attack-object-name": "Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", 
"score-category": "Respond", "score-value": "Significant", "related-score": "T1491"}, {"comments": "Azure Backup service provides defense against destruction/manipulation of data at rest. Scoring as \"Significant\" since it is an essential practice against data destruction et al, and can eradicate the threat event by restoring from backup.", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": ["https://docs.microsoft.com/en-us/azure/backup/backup-overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "Data backups provide a significant response to disk content wipe attacks by enabling the restoration of data from backup.", "attack-object-id": "T1561.001", "attack-object-name": "Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": "T1561"}, {"comments": "Allows for recovery of disk content, though Disk structure wipes require additional procedures for recovery.", "attack-object-id": "T1561.002", "attack-object-name": "Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Backup", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": "T1561"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview"], "tags": ["Azure Active Directory", "Azure Security Center Recommendation", "Identity"], "mapping-description": "", "capability-id": "Managed identities for Azure resources", "mapping-type": "technique-scores", "score-category": 
"Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control provides an alternative to hard-coding credentials for accessing Azure services in application code. This control only protects credentials for accessing Azure services and not other credential types, resulting in a Partial coverage score.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "Managed identities for Azure resources", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1552"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1590.002", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1590.005", 
"attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to audit and restrict privileges on Azure cloud accounts. This control may provide information to reduce surface area for privileged access to Azure.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may recommend removing deprecated accounts, reducing privileges, and enabling multi-factor authentication. This can reduce the amount of accounts available to be exploited and what could be done with those accounts.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to enable other Azure controls that provide information on potentially exploitable SQL stored procedures. Recommendations to reduce unnecessary privileges from accounts and stored procedures can mitigate exploitable of this technique. 
", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1505"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replacing password authentication with more secure authentication methods. This control can affect Azure, Azure cloud application, and endpoint credentials.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replacing password authentication with more secure authentication methods. This control can affect Azure, Azure cloud application, and endpoint credentials.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replacing password authentication with more secure authentication methods. 
This control can affect Azure, Azure cloud application, and endpoint credentials.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to restrict public access to Remote Desktop Protocol.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "This control may provide recommendations to restrict public SSH access and enable usage of SSH keys. ", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to enable Azure Defender for DNS which can monitor DNS queries between Azure applications for malicious traffic.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. 
All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is focused on the list of built-in policy definitions provided by Azure Policy. All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/azure/governance/policy/overview", "https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#api-for-fhir"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Policy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Associated with the Azure Security Center.\nThe alerts can pick up outbound Denial of Service (DOS) attacks, though that's not an ATT&CK technique per se (description oriented towards inbound DOS), also is a form of resource hijacking (though not in ATT&CK description, which is oriented towards cryptomining).", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurenetlayer"], "tags": ["Analytics", "Azure Security Center", "Network"], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Associated with the Azure Security Center.\nThe alerts can pick up outbound Denial of Service (DOS) attacks, though that's not an ATT&CK technique per se (description oriented towards inbound DOS), also is a form of resource hijacking (though not in ATT&CK description, which is oriented towards cryptomining).", "attack-object-id": "T1071", "attack-object-name": "Application Layer 
Protocol", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurenetlayer"], "tags": ["Analytics", "Azure Security Center", "Network"], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list. ", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list. ", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list. ", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list. 
", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "Associated with the Azure Security Center.\nThe alerts can pick up outbound Denial of Service (DOS) attacks, though that's not an ATT&CK technique per se (description oriented towards inbound DOS), also is a form of resource hijacking (though not in ATT&CK description, which is oriented towards cryptomining).", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-azurenetlayer"], "tags": ["Analytics", "Azure Security Center", "Network"], "mapping-description": "", "capability-id": "Azure Alerts for Network Layer", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's Access Review feature supports scheduling a routine review of cloud account permission levels to look for those that could allow an adversary to gain wide access. This information can then be used to validate if such access is required and identify which (privileged) accounts should be monitored closely. This reduces the availability of valid accounts to adversaries. 
This review would normally be scheduled periodically, at most weekly, and therefore its temporal score is Partial.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can require MFA to be triggered when the Global Administrator role is assigned to an account or when the role is activated by a user.", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1098"}, {"comments": "This control can notify administrators whenever the Global Administrator role is assigned to an account and can therefore be 
used to detect the execution of this sub-technique. Assigning the Global Administrator role to an account is an infrequent operation and as a result, the false positive rate should be minimal.", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1098"}, {"comments": "Privileged roles such as the Application Administrator role can be configured to require MFA on activation to provide additional protection against the execution of this technique. In addition these privileged roles can be assigned as eligible rather than permanently active roles to further reduce the attack surface.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1098"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Privileged roles such as the User Administrator role can be configured to require MFA on activation to provide additional protection against the execution of this technique. 
In addition, these privileged roles can be assigned as eligible rather than permanently active roles to further reduce the attack surface.", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Privileged Identity Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1136"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways"], "tags": ["Network"], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": ["https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways"], "tags": ["Network"], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1557"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "LLMNR/NBT-NS Poisoning and SMB Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1557"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": 
["https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways"], "tags": ["Network"], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure VPN Gateway", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1565"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-sql-db-and-warehouse"], "tags": ["Azure Defender", "Azure Defender for SQL", "Azure Security Center", "Azure Security Center Recommendation", "Database"], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on logon events that are suspicious. This includes logins from unusual locations, logins from suspicious IP addresses, and users that do not commonly access the resource. These alerts may limit the ability of an attacker to utilize a valid cloud account to access and manipulate Azure databases. 
", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-sql-db-and-warehouse"], "tags": ["Azure Defender", "Azure Defender for SQL", "Azure Security Center", "Azure Security Center Recommendation", "Database"], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-sql-db-and-warehouse"], "tags": ["Azure Defender", "Azure Defender for SQL", "Azure Security Center", "Azure Security Center Recommendation", "Database"], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may alert on repeated sign in attempts to the resource and successful logins from a suspicious location, IP address, or a user that does not commonly log in to the resource. 
Because this control is specific to Azure database offerings, the detection coverage is Minimal.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "This control may alert on repeated sign in attempts to the resource and successful logins from a suspicious location, IP address, or a user that does not commonly log in to the resource. Because this control is specific to Azure database offerings, the detection coverage is Minimal.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "This control may alert on repeated sign in attempts to the resource and successful logins from a suspicious location, IP address, or a user that does not commonly log in to the resource. 
Because this control is specific to Azure database offerings, the detection coverage is Minimal.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-sql-db-and-warehouse"], "tags": ["Azure Defender", "Azure Defender for SQL", "Azure Security Center", "Azure Security Center Recommendation", "Database"], "mapping-description": "", "capability-id": "Advanced Threat Protection for Azure SQL Database", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1498"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Direct Network Flood", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1498"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DDOS Protection Standard", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1499"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Subdomain hijacking is a focus of this control, and its Dangling DNS detection alert feature is activated when an App Service website is decommissioned and its corresponding DNS entry is not deleted, allowing users to remove those entries before they can be leveraged by an adversary.", "attack-object-id": "T1584.001", "attack-object-name": "Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1584"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors for references to suspicious domain names and file downloads from known malware sources, and monitors processes for downloads from raw-data websites like Pastebin, all of which are relevant for detecting users' interactions with malicious download links, but malicious links which exploit browser vulnerabilities for execution are unlikely to be detected, and temporal factor is unknown, resulting in a score of Minimal.", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1204"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors for known phishing links on the Azure App Services website and generates alerts if they are detected, potentially preventing their access by users. This is a very specific avenue, only covers known links, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1566"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors host data for potential reverse shells used for command and control. Temporal factor is unknown.", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "This control monitors for execution of known malicious PowerShell PowerSploit cmdlets. Temporal factor is uknown.", "attack-object-id": "T1059.001", "attack-object-name": "PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1059"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors for web fingerprinting tools including nmap and Blind Elephant, as well as scanners looking for vulnerability in applications like Drupal, Joomla, and WordPress. Temporal factor is unknown.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1594", "attack-object-name": "Search Victim-Owned Websites", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.001", "attack-object-name": "Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. 
Detection is periodic at an unknown rate.", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.003", "attack-object-name": "Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.004", "attack-object-name": "Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. 
Detection is periodic at an unknown rate.", "attack-object-id": "T1055.005", "attack-object-name": "Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.011", "attack-object-name": "Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.012", "attack-object-name": "Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. 
Detection is periodic at an unknown rate.", "attack-object-id": "T1055.013", "attack-object-name": "Process Doppelg\u00e4nging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.008", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. Detection is periodic at an unknown rate.", "attack-object-id": "T1055.009", "attack-object-name": "Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "Injection attacks are specifically cited as a detection focus for Fileless Attack Detection, which is part of this control, with even more specific references to Process Hollowing, executable image injection, and threads started in a dynamically allocated code segment. 
Detection is periodic at an unknown rate.", "attack-object-id": "T1055.014", "attack-object-name": "VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1055"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's Fileless Attack Detection identifies suspicious command execution within process memory. Detection is periodic at an unknown rate.", "attack-object-id": "T1559.001", "attack-object-name": "Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1559"}, {"comments": "This control's Fileless Attack Detection identifies suspicious command execution within process memory. Detection is periodic at an unknown rate.", "attack-object-id": "T1559.002", "attack-object-name": "Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1559"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect processes with suspicious names, including those named in a way that is suggestive of attacker tools that try to hide in plain sight. False positives are probable, and temporal factor is unknown.", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1036"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Get-ProcessTokenGroup module on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1087.001", "attack-object-name": "Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1087"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1123", "attack-object-name": "Audio Capture", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Install-SSP module on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1547.005", "attack-object-name": "Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. 
This covers execution of this sub-technique via New-UserPersistenceOption on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1547"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. 
This covers execution of this sub-technique via the Privesc-PowerUp modules on Windows, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1543"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of these sub-techniques via the Privesc-PowerUp modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1574.001", "attack-object-name": "DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. 
This covers execution of these sub-techniques via the Privesc-PowerUp modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of these sub-techniques via the Privesc-PowerUp modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1574.008", "attack-object-name": "Path Interception by Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of these sub-techniques via the Privesc-PowerUp modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1574.009", "attack-object-name": "Path Interception by Unquoted Path", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1574"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Get-Keystrokes Exfiltration module on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1056.001", "attack-object-name": "Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1056"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Find-AVSignature AntivirusBypass module on Windows, but does not address other procedures or platforms, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1027.005", "attack-object-name": "Indicator Removal from Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1027"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Exfiltration modules, but does not address other procedures, and temporal factor is unknown, so score is Minimal.", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1003"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1012", "attack-object-name": "Query Registry", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the New-UserPersistenceOption Persistence module on Windows, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1053"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Invoke-Kerberoast module, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1558"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. 
This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. This covers execution of this sub-technique via the Get-UnattendedInstallFile, Get-Webconfig, Get-ApplicationHost, Get-SiteListPassword, Get-CachedGPPPassword, and RegistryAutoLogon modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal.", "attack-object-id": "T1552.002", "attack-object-name": "Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "This control analyzes host data to detect execution of known malicious PowerShell PowerSploit cmdlets. 
This covers execution of this sub-technique via the Exfiltration modules, but does not address other procedures, and temporal factor is unknown, resulting in a Minimal score.", "attack-object-id": "T1552.006", "attack-object-name": "Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1552"}, {"comments": "The AppServices_KnownCredentialAccessTools alert is used to detect suspicious processes associated with credential theft. This is clearly linked to the Credential Access tactic, but does not clearly detect any specific technique or set of techniques, so it has been omitted from this mapping.", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/alerts-reference", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-app-service-introduction", "https://azure.microsoft.com/en-us/services/app-service/", "https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction"], "tags": ["Azure Defender", "Azure Security Center", "Azure Security Center Recommendation", "Linux", "Windows"], "mapping-description": "", "capability-id": "Azure Defender for App Service", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", 
"capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Conditional Access can be used to enforce MFA for users which can significantly reduce the impact of a password compromise, requiring an adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Conditional Access can be used to enforce MFA for users which can significantly reduce the impact of a password compromise, requiring an adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Conditional Access can be used to enforce MFA for users which can significantly reduce the impact of a password compromise, requiring an adversary to complete an additional authentication method before their access is permitted.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "Conditional Access can be used to enforce MFA for users which can significantly reduce the impact of a password compromise, requiring an adversary to complete an additional authentication method before their 
access is permitted.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can protect against the abuse of valid cloud accounts by requiring MFA or blocking access altogether based on signals such as the user's IP location information, device compliance state, risky sign-in/user state (through integration with Azure AD Identity Protection). 
Additionally, session controls that can limit what a valid user can do within an app can also be triggered based on the aforementioned triggers.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1078"}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Conditional Access (CA), when granting (risky) users access to Office applications like SharePoint and OneDrive, can restrict what they can do in these applications using its app-enforced restrictions. For example, it can enforce that users on unmanaged devices will have browser-only access to SharePoint/OneDrive with no ability to download, print, or sync files. This can impede an adversary's ability to collect and stage files. 
This offers minimal coverage as it requires the target application to support such a feature that can be triggered by this control and to date only a few (Office) applications support this.", "attack-object-id": "T1074.002", "attack-object-name": "Remote Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1074"}, {"comments": "Conditional Access (CA), when granting (risky) users access to Office applications like SharePoint and OneDrive, can restrict what they can do in these applications using its app-enforced restrictions. For example, it can enforce that users on unmanaged devices will have browser-only access to SharePoint/OneDrive with no ability to download, print, or sync files. This can impede an adversary's ability to collect and stage files. This offers minimal coverage as it requires the target application to support such a feature that can be triggered by this control and to date only a few (Office) applications support this.", "attack-object-id": "T1074.001", "attack-object-name": "Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1074"}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": 
"Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "At first glance, this control seems mappable to Exfiltration (sub-)techniques but upon further analysis, it doesn't really mitigate exfiltration but rather its prerequisite Collection (sub-)techniques.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"], "tags": ["Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Conditional Access (CA), when granting (risky) users access to Office applications like SharePoint can restrict what they can do in these applications using its app-enforced restrictions. For example, it can enforce that users on unmanaged devices will have browser-only access to SharePoint with no ability to download, print, or sync files. Furthermore, with its integration with Microsoft Cloud App Security, it can even restrict cut, copy and paste operations. This can impede an adversary's ability to collect valuable information and/or files from the application. 
This protection is partial as it doesn't prohibit an adversary from potentially viewing sensitive information and manually collecting it, for example simply writing down information by hand.", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "Conditional Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can identify anomalous behavior such as geographically impossible logins and out-of-character activity. \nRelevant alerts include \"Activity from anonymous IP address\" , \"Activity from infrequent country\", \"Activity from suspicious IP address\", \"Impossible Travel\", and \"Activity performed by terminated user\".", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control can identify anomalous behavior such as geographically impossible logins and out-of-character activity. 
\nRelevant alerts include \"Activity from anonymous IP address\" , \"Activity from infrequent country\", \"Activity from suspicious IP address\", \"Impossible Travel\", and \"Activity performed by terminated user\".", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control can identify anomalous behavior such as geographically impossible logins and out-of-character activity. \nRelevant alerts include \"Activity from anonymous IP address\" , \"Activity from infrequent country\", \"Activity from suspicious IP address\", \"Impossible Travel\", and \"Activity performed by terminated user\".", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts 
that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can identify large volume potential exfiltration activity.", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "This control can identify large volume potential exfiltration activity, and log user activity potentially related to exfiltration via web services. 
A relevant alert is \"Unusual file download (by user)\".", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "This control can identify large volume potential exfiltration activity.", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "This control can identify large volume potential exfiltration activity, and log user activity potentially related to exfiltration via web services. A relevant alert is \"Unusual file download (by user)\".", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1567"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": 
"Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", 
"https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1528", 
"attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, 
{"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.", "attack-object-id": "T1213.002", "attack-object-name": "Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1213"}, 
{"comments": "This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.", "attack-object-id": "T1213.001", "attack-object-name": "Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1213"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be 
incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect and encrypt sensitive information at rest on supported platforms.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1565"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": 
"This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can detect admin activity from risky IP addresses.", "attack-object-id": "T1484.002", "attack-object-name": "Domain Trust Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1484"}, {"comments": "This control can detect admin activity from risky IP addresses.", "attack-object-id": "T1484.001", "attack-object-name": "Group Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1484"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", 
"https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can detect anomalous admin activity that may be indicative of account manipulation. Relevant alerts include \"Unusual administrative activity (by user)\" and \"Unusual addition of credentials to an OAuth app\".", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "This control can detect anomalous admin activity that may be indicative of account manipulation. Relevant alerts include \"Unusual administrative activity (by user)\" and \"Unusual addition of credentials to an OAuth app\".", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "This control can detect anomalous admin activity that may be indicative of account manipulation. 
Relevant alerts include \"Unusual administrative activity (by user)\" and \"Unusual addition of credentials to an OAuth app\".", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1098"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can identify anomalous admin activity.", "attack-object-id": "T1578.004", "attack-object-name": "Revert Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1578"}, {"comments": "This control can identify anomalous admin activity.", "attack-object-id": "T1578.003", "attack-object-name": "Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1578"}, {"comments": "This control can identify anomalous admin activity.", 
"attack-object-id": "T1578.001", "attack-object-name": "Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1578"}, {"comments": "This control can identify anomalous admin activity.", "attack-object-id": "T1578.002", "attack-object-name": "Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1578"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App 
Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", 
"https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can identify some evidence of potential C2 via a specific application layer protocol (mail). Relevant alerts include \"Suspicious inbox forwarding\" and \"Suspicious inbox manipulation rule\".", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect some activity indicative of brute force attempts to login. 
Relevant alert is \"Multiple failed login attempts\".", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control can detect some activity indicative of brute force attempts to login. Relevant alert is \"Multiple failed login attempts\".", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control can detect some activity indicative of brute force attempts to login. Relevant alert is \"Multiple failed login attempts\".", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control is basically a CASB, and various features can generate logs and alerts that can be incorporated into a SIEM such as Sentinel for moderate to high temporal score.", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": ["https://docs.microsoft.com/en-us/cloud-app-security/policies-cloud-discovery", "https://docs.microsoft.com/en-us/cloud-app-security/policies-information-protection", "https://docs.microsoft.com/en-us/cloud-app-security/investigate-anomaly-alerts"], "tags": [], "mapping-description": "", "capability-id": "Cloud App Security Policies", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, 
{"comments": "This mapping file covers Docker container registries security features along with the Azure Defender for Container Registries scanner. The scanning capability of the control is only available for Linux images in registries accessible from the public internet with shell access which limits the general applicability.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-introduction", "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Container Registries", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping file covers Docker container registries security features along with the Azure Defender for Container Registries scanner. The scanning capability of the control is only available for Linux images in registries accessible from the public internet with shell access which limits the general applicability.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-introduction", "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Container Registries", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping file covers Docker container registries security features along with the Azure Defender for Container Registries scanner. 
The scanning capability of the control is only available for Linux images in registries accessible from the public internet with shell access which limits the general applicability.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-introduction", "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Container Registries", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping file covers Docker container registries security features along with the Azure Defender for Container Registries scanner. The scanning capability of the control is only available for Linux images in registries accessible from the public internet with shell access which limits the general applicability.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-introduction", "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro"], "tags": ["Azure Defender", "Azure Security Center Recommendation", "Containers"], "mapping-description": "", "capability-id": "Azure Defender for Container Registries", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations for enabling MFA can significantly lead to reducing the impact of a password compromise of accounts, requiring the adversary to complete an additional authentication method before their access is permitted.\nThis control's \"Do not expire passwords\" recommendation also can lead to mitigating the Password Guessing or Cracking sub-techniques by disabling password reset which tends to lead to users selecting weaker passwords. \nThis control's \"Enable policy to block legacy authentication\" and \"Stop legacy protocols communication\" recommendations can lead to protecting against these brute force attacks as Microsoft research has shown organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled. 
Additionally, the same research shows that more than 99 percent of password spray and more than 97 percent of credential stuffing attacks use legacy authentication.\nThis control's \"Resolve unsecure account attributes\" recommendation can lead to detecting accounts with disabled (Kerberos) Preauthentication which can enable offline Password Cracking.\nBecause these are recommendations and do not actually enforce MFA, the assessed score is capped at Partial. ", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations for enabling MFA can significantly lead to reducing the impact of a password compromise of accounts, requiring the adversary to complete an additional authentication method before their access is permitted.\nThis control's \"Do not expire passwords\" recommendation also can lead to mitigating the Password Guessing or Cracking sub-techniques by disabling password reset which tends to lead to users selecting weaker passwords. \nThis control's \"Enable policy to block legacy authentication\" and \"Stop legacy protocols communication\" recommendations can lead to protecting against these brute force attacks as Microsoft research has shown organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled. 
Additionally, the same research shows that more than 99 percent of password spray and more than 97 percent of credential stuffing attacks use legacy authentication.\nThis control's \"Resolve unsecure account attributes\" recommendation can lead to detecting accounts with disabled (Kerberos) Preauthentication which can enable offline Password Cracking.\nBecause these are recommendations and do not actually enforce MFA, the assessed score is capped at Partial. ", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations for enabling MFA can significantly lead to reducing the impact of a password compromise of accounts, requiring the adversary to complete an additional authentication method before their access is permitted.\nThis control's \"Do not expire passwords\" recommendation also can lead to mitigating the Password Guessing or Cracking sub-techniques by disabling password reset which tends to lead to users selecting weaker passwords. \nThis control's \"Enable policy to block legacy authentication\" and \"Stop legacy protocols communication\" recommendations can lead to protecting against these brute force attacks as Microsoft research has shown organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled. 
Additionally, the same research shows that more than 99 percent of password spray and more than 97 percent of credential stuffing attacks use legacy authentication.\nThis control's \"Resolve unsecure account attributes\" recommendation can lead to detecting accounts with disabled (Kerberos) Preauthentication which can enable offline Password Cracking.\nBecause these are recommendations and do not actually enforce MFA, the assessed score is capped at Partial. ", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations for enabling MFA can significantly lead to reducing the impact of a password compromise of accounts, requiring the adversary to complete an additional authentication method before their access is permitted.\nThis control's \"Do not expire passwords\" recommendation also can lead to mitigating the Password Guessing or Cracking sub-techniques by disabling password reset which tends to lead to users selecting weaker passwords. \nThis control's \"Enable policy to block legacy authentication\" and \"Stop legacy protocols communication\" recommendations can lead to protecting against these brute force attacks as Microsoft research has shown organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled. 
Additionally, the same research shows that more than 99 percent of password spray and more than 97 percent of credential stuffing attacks use legacy authentication.\nThis control's \"Resolve unsecure account attributes\" recommendation can lead to detecting accounts with disabled (Kerberos) Preauthentication which can enable offline Password Cracking.\nBecause these are recommendations and do not actually enforce MFA, the assessed score is capped at Partial. ", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Require MFA for administrative roles\" and \"Ensure all users can complete multi-factor authentication for secure access\" recommendations of MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted. See the mapping for MFA for more details. \nThis control's \"Use limited administrative roles\" recommendation recommends reviewing and limiting the number of accounts with global admin privilege, reducing what an adversary can do with a compromised valid account.\nBecause these are recommendations and do not actually enforce the protections, the assessed score is capped at Partial. 
", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control's \"Turn on sign-in risk policy\" and \"Turn on user risk policy\" recommendations recommend enabling Azure AD Identity Protection which can lead to detecting adversary usage of valid accounts. See the mapping for Azure AD Identity Protection.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "This control's \"Remove dormant accounts from sensitive groups\" recommendation recommends reviewing dormant (domain) accounts from sensitive groups via an assessment report that can identify sensitive accounts that are dormant.\nBecause these are recommendations and do not actually enforce the protections coupled with being limited to sensitive accounts, the assessed score is Minimal. ", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This control's \"Protect and manage local admin passwords with Microsoft LAPS\" recommendation recommends periodically running and reviewing the Microsoft LAPS usage report that identifies all Windows based devices not protected by Microsoft LAPS. 
This can help reduce the compromise of local administrator accounts.\nBecause this is a recommendations and not actually enforced coupled with being limited to sensitive accounts, the assessed score is Minimal. ", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This control's \"Protect and manage local admin passwords with Microsoft LAPS\" recommendation recommends periodically running and reviewing the Microsoft LAPS usage report that identifies all Windows based devices not protected by Microsoft LAPS. This can help reduce the compromise of local administrator accounts.\nBecause this is a recommendations and not actually enforced coupled with being limited to sensitive accounts, the assessed score is Minimal. ", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1078"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Turn on sign-in risk policy\" and \"Turn on user risk policy\" recommendations recommend enabling Azure AD Identity Protection which can detect the malicious usage of SAML Tokens. This is a recommendation and therefore the score is capped at Partial.", "attack-object-id": "T1606.002", "attack-object-name": "SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1606"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Resolve unsecure account attributes\" recommendation can lead to detecting Active Directory accounts which do not require Kerberos preauthentication. Preauthentication offers protection against offline (Kerberos) Password Cracking. \nBecause this is a recommendation its score is capped as Partial.", "attack-object-id": "T1558.004", "attack-object-name": "AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control's \"Reduce lateral movement path risk to sensitive entities\" recommendation can lead to protecting sensitive accounts against Pass-the-Hash and Pass-the-Ticket attacks that may result in an adversary acquiring a golden ticket. 
It recommends running the Lateral-Movement-Paths report to understand and identify exactly how attackers can move laterally through the monitored network to gain access to privileged identities such as the KRBTGT on the domain controller. Because this is a recommendation, its score has been capped as Partial.", "attack-object-id": "T1558.001", "attack-object-name": "Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control's \"Modify unsecure Kerberos delegations to prevent impersonation\" recommendation promotes running the \"Unsecure Kerberos delegation\" report that can identify accounts that have unsecure Kerberos delegation configured. Unsecured Kerberos delegation can lead to exposing account TGTs to more hosts resulting in an increased attack surface for Kerberoasting. Due to this control providing a recommendation its score is capped at Partial.", "attack-object-id": "T1558.003", "attack-object-name": "Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1558"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's \"Reduce lateral movement path risk to sensitive entities\" recommendation can lead to protecting sensitive accounts against Pass-the-Hash and Pass-the-Ticket attacks by recommending running the Lateral-Movement-Paths report to understand and identify exactly how attackers can move laterally through the monitored network to gain access to privileged identities. 
Because this is a recommendation, its score has been capped as Partial.", "attack-object-id": "T1550.003", "attack-object-name": "Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1550"}, {"comments": "This control's \"Reduce lateral movement path risk to sensitive entities\" recommendation can lead to protecting sensitive accounts against Pass-the-Hash and Pass-the-Ticket attacks by recommending running the Lateral-Movement-Paths report to understand and identify exactly how attackers can move laterally through the monitored network to gain access to privileged identities. Because this is a recommendation, its score has been capped as Partial.", "attack-object-id": "T1550.002", "attack-object-name": "Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1550"}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control was mapped to (sub-)techniques based on the Security Score improvement actions listed in a sample Azure AD tenant that we provisioned. We were unable to find a comprehensive list of the security checks made by the control listed in its documentation. 
We did note that there were some improvement actions listed that our tenant received the max score, leading us to believe that the actions listed were the complete list of checks and not just those that were outstanding for our tenant.\nThe following improvement actions were analyzed:\nRequire MFA for administrative roles, Designate more than one global admin, Do not allow users to grant consent to unmanaged applications, Use limited administrative roles, Do not expire passwords, Enable policy to block legacy authentication Turn on sign-in risk policy, Turn on user risk policy, Ensure all users can complete multi-factor authentication for secure access, Enable self-service password reset, Resolve unsecure account attributes, Reduce lateral movement path risk to sensitive entities, Set a honeytoken account, Stop clear text credentials exposure, Install Defender for Identity Sensor on all Domain Controllers, Disable Print spooler service on domain controllers, Configure VPN integration, Configure Microsoft Defender for Endpoint Integration (*excluded, would increase the scope, see mapping for Microsoft Defender for Endpoint), Stop legacy protocols communication, Stop weak cipher usage, Remove dormant accounts from sensitive groups, Protect and manage local admin passwords with Microsoft LAPS, Remove unsecure SID history attributes from entities, Fix Advanced Audit Policy issues, Modify unsecure Kerberos delegations to prevent impersonation. 
\nAll scores were capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#", "https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-account-attributes", "https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/new-identity-security-posture-assessments-riskiest-lmps-and/m-p/1491675"], "tags": ["Credentials", "Azure Active Directory", "Identity", "MFA"], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control's \"Remove unsecure SID history attributes from entities\" recommendation promotes running the \"Unsecure SID history attributes\" report periodically which can lead to identifying accounts with SID History attributes which Microsoft Defender for Identity profiles to be risky. Because this is a recommendation and not actually enforced, coupled with the detection its assessed score is capped at Partial. ", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure AD Identity Secure Score", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1134"}, {"comments": "All scores have been assessed as Partial because this control increases the strength of user passwords thereby reducing the likelihood of a successful brute force attack. 
Due to the fact that a user's password is not checked against the banned list of passwords unless the user changes or resets their password (which is an infrequent event), there is still ample opportunity for attackers to utilize this technique to gain access. This is what prevented the score from being elevated to Significant.\n", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad"], "tags": ["Azure Active Directory", "Credentials", "Identity", "Passwords"], "mapping-description": "", "capability-id": "Azure Active Directory Password Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Active Directory Password Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Active Directory Password Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Active Directory Password Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Active Directory Password 
Protection", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1110"}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may quarantine and/or delete any spearphishing attachment that has been downloaded and matches a malware signature. 
Customized malware without a matching signature may not generate an alert.", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1566"}, {"comments": "This control may detect any spearphishing attachment that has been downloaded and matches a malware signature. Customized malware without a matching signature may not generate an alert.", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1566"}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control monitors activity in cloud services and on virtual machines to block malware execution. This is dependent on a signature being available. 
", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1204"}, {"comments": "This control monitors activity in cloud services and on virtual machines to detect malware execution. This is dependent on a signature being available. ", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1204"}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. 
ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Signature based antimalware solutions are generally dependent on Indicators of Compromise(IOCs) such as file hashes and malware signatures. 
ATT&CK is primarily centered on behaviors and Tactics, Techniques, and Procedures(TTPs), hence the minimal amount of techinques and scoring.", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware", "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples"], "tags": ["Azure Security Center"], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may quarantine and/or delete malware that has been packed by well known software packing utilities. These utilities can provide signatures that apply to a variety of malware.", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1027"}, {"comments": "This control may detect malware that has been packed by well known software packing utilities. 
These utilities can provide signatures that apply to a variety of malware.", "attack-object-id": "T1027.002", "attack-object-name": "Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Microsoft Antimalware for Azure", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1027"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Focuses on web vulnerability scanning of OWASP Core Rule Set (CRS).", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", 
"attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/web-application-firewall/overview"], "tags": ["Azure Security Center Recommendation"], "mapping-description": "", "capability-id": "Azure Web Application 
Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can protect web applications from protocol attacks that may be indicative of adversary activity.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "This control can detect protocol attacks targeting web applications that may be indicative of adversary activity.", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Web Application Firewall", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. \"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". 
Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used forensically to identify clients that communicated with identified C2 hosts.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1071"}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. \"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". 
Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used for after-the-fact analysis of potential fast-flux DNS C2", "attack-object-id": "T1568.001", "attack-object-name": "Fast Flux DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1568"}, {"comments": "This control can be used for after-the-fact analysis of potential fast-flux DNS C2", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1568"}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. \"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". 
Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can potentially be used to forensically identify exfiltration via DNS protocol.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1048"}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. \"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "The temporal score for this control on most of the techniques and subtechnique is minimal, since it does not provide specific analytics itself (though can be used to provide data to other analytics after the fact. 
\"The event-related data is collected near real time from the analytic and audit logs provided by enhanced DNS logging and diagnostics in Windows Server 2012 R2.\". Inventory-related data is uploaded every 48 hours.", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics"], "tags": ["DNS", "Network"], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used forensically to identify DNS queries to known malicious sites, which may be evidence of phishing.", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure DNS Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": "T1566"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-api", "https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-api", "https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained"], "tags": ["Azure Security Center", "Azure Security 
Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-api", "https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained"], "tags": ["Azure Security Center", "Azure Security Center Recommendation", "Azure Defender for Servers"], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. 
Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Just-in-Time VM Access", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than 
applying/enforcing the recommended actions.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to disable default accounts and restrict permissions for existing accounts.", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1078"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may scan for users with unnecessary access to SQL stored procedures.", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", 
"score-category": "Protect", "score-value": "Partial", "related-score": "T1505"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": ["https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules"], "tags": ["Azure Defender for SQL", "Database"], "mapping-description": "", "capability-id": "SQL Vulnerability Assessment", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless"], "tags": ["Azure Active Directory", "Credentials", "Identity", "Passwords"], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control provides significant protection against password based 
attacks by completing obviating the need for passwords by replacing it with passwordless credentials.", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control provides significant protection against password based attacks by completing obviating the need for passwords by replacing it with passwordless credentials.", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control provides significant protection against password based attacks by completing obviating the need for passwords by replacing it with passwordless credentials.", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "This control provides significant protection against password based attacks by completing obviating the need for passwords by replacing it with passwordless credentials.", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Passwordless Authentication", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": "T1110"}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": 
["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can prevent attempts by an adversary to gather this information using active scanning methods but is not effective of gathering this information using phishing related methods.", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "This control can prevent attempts by an adversary to gather this information using active scanning methods but is not effective of gathering this information using phishing related methods.", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "This control can prevent attempts by an adversary to gather this information using active scanning methods but is not effective of gathering this information using phishing related methods.", "attack-object-id": "T1590.006", "attack-object-name": "Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1590"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", 
"Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. 
Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1595.002", "attack-object-name": "Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1595"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can protect against this sub-technique by enforcing limited access to only required ports. Consequently, even if the adversary is able to utilize port knocking to open additional ports at the host level, it is still blocked at the firewall service level. This service typically applies to external traffic and not internal traffic and therefore lateral movement using this technique within a network is still possible. 
Due to this partial coverage, it has been scored as Partial.", "attack-object-id": "T1205.001", "attack-object-name": "Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1205"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", 
"attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/firewall/overview"], "tags": ["Azure Security Center Recommendation", "Network"], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. 
Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. 
Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score.", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Firewall", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Detects \"random\" DNS name occurences, potentially indicative of Fast Flux or DGA. Potential false positives from benign \"random\" DNS names.", "attack-object-id": "T1568.001", "attack-object-name": "Fast Flux DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1568"}, {"comments": "Detects \"random\" DNS name occurences, potentially indicative of Fast Flux or DGA. 
Potential false positives from benign \"random\" DNS names.", "attack-object-id": "T1568.002", "attack-object-name": "Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1568"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Can alert on anomalies and misuse of the DNS protocol.", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": "T1071"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", 
"capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction", "https://docs.microsoft.com/en-us/azure/security-center/alerts-reference#alerts-dns"], "tags": ["Network", "DNS"], "mapping-description": "", "capability-id": "Alerts for DNS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation"], "tags": ["Azure Active Directory", "Identity"], "mapping-description": "", "capability-id": "Continuous Access Evaluation", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Minimal", "related-score": ""}, {"comments": "Security controls like Azure AD Identity Protection can raise a user's risk level asynchronously after they have used a valid account to access organizational data. This CAE control can respond to this change in the users risky state to terminate the user's access within minutes or enforce an additional authentication method such as MFA. This mitigates the impact of an adversary using a valid account. This is control only forces the user to re-authenticate and doesn't resolve the usage of a valid account (i.e. password change) and is therefore a containment type of response. 
", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "Continuous Access Evaluation", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": "T1078"}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. 
Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. 
Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. 
Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Once this control is deployed, it will run a scan every four hours and scans can be run on demand. Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines.\nAll scores are capped at Partial since this control identifies vulnerabilities and does not address the detected vulnerabilities.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm", "https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm"], "tags": ["Azure Defender", "Azure Security Center"], "mapping-description": "", "capability-id": "Integrated Vulnerability Scanner Powered by Qualys", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": 
["https://docs.microsoft.com/en-us/azure/key-vault/general/overview"], "tags": ["Azure Security Center Recommendation", "Credentials", "Passwords"], "mapping-description": "", "capability-id": "Azure Key Vault", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://docs.microsoft.com/en-us/azure/key-vault/general/overview"], "tags": ["Azure Security Center Recommendation", "Credentials", "Passwords"], "mapping-description": "", "capability-id": "Azure Key Vault", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://docs.microsoft.com/en-us/azure/key-vault/general/overview"], "tags": ["Azure Security Center Recommendation", "Credentials", "Passwords"], "mapping-description": "", "capability-id": "Azure Key Vault", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/key-vault/general/overview"], "tags": ["Azure Security Center Recommendation", "Credentials", "Passwords"], "mapping-description": "", "capability-id": "Azure Key Vault", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1602"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control can be used to identify anomalous TFTP boot traffic.", "attack-object-id": "T1542.005", "attack-object-name": "TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1542"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session 
Hijacking", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1563"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1563"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can identify anomalous traffic with respect specific ports (though it can't identify presence or lack of encryption).", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control can identify anomalous traffic with respect specific ports (though it can't identify presence or 
lack of encryption).", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "This control can identify anomalous traffic with respect specific ports (though it can't identify presence or lack of encryption).", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1048"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.006", "attack-object-name": "Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": 
"technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.005", "attack-object-name": "VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.001", "attack-object-name": "Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "This control can detect anomalous traffic with respect to remote access protocols and groups.", "attack-object-id": "T1021.003", "attack-object-name": "Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1021"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": 
["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control can detect anomalous application protocol traffic with respect to network security group (NSG) (though web traffic would be typically too commonplace for this control to be useful).", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "This control can detect anomalous application protocol traffic with respect to network security group (NSG) (though web traffic would be typically too commonplace for this control to be useful).", "attack-object-id": "T1071.003", "attack-object-name": "Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "This control can detect anomalous application protocol traffic with respect to network security group (NSG) (though web traffic would be typically too commonplace for this control to be useful).", "attack-object-id": "T1071.002", "attack-object-name": "File Transfer Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1071"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": 
["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1499"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics"], "tags": ["Analytics", "Network"], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1090"}, 
{"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "Azure Network Traffic Analytics", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": "T1090"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to remove setuid and setguid permissions from container images. 
It may not be feasible to audit and remediate all binaries that have and require setuid and setguid permissions.", "attack-object-id": "T1548.001", "attack-object-name": "Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1548"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", 
"mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide recommendations to ensure sshd is not running within Docker containers. This can prevent attackers from utilizing unmonitored SSH servers within containers. This may not prevent attackers from installing a SSH server in containers or hosts.", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": "T1021"}, {"comments": "All scores are capped at Partial since this control provides recommendations rather than applying/enforcing the recommended actions.", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": ["https://docs.microsoft.com/en-us/azure/security-center/harden-docker-hosts"], "tags": ["Azure Security Center", "Containers", "Linux"], "mapping-description": "", "capability-id": "Docker Host Hardening", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}]} diff --git a/src/mappings_explorer/cli/parsed_mappings/security_stack/GCP/parsed_GCP.json b/src/mappings_explorer/cli/parsed_mappings/security_stack/GCP/parsed_GCP.json index 87bfd445..54abca9c 100644 
--- a/src/mappings_explorer/cli/parsed_mappings/security_stack/GCP/parsed_GCP.json
+++ b/src/mappings_explorer/cli/parsed_mappings/security_stack/GCP/parsed_GCP.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": 1, "attack-version": 10, "technology-domain": "enterprise", "author": "", "contact": "ctid@mitre-engenuity.org", "creation-date": "05/11/2022", "last-update": "", "organization": "", "mapping-framework": "GCP", "mapping-framework-version": ""}, "attack-objects": [{"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", 
"attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": ["https://cloud.google.com/compute/confidential-vm/docs/about-cvm#security_and_privacy_features"], "tags": ["Encryption"], "mapping-description": "", "capability-id": "Confidential VM and Compute Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This 
control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": 
["https://cloud.google.com/certificate-authority-service/docs"], "tags": ["Certificate Service", "Network"], "mapping-description": "", "capability-id": "Certificate Authority Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/asset-inventory/docs/overview"], "tags": ["Credentials", "Access Management"], "mapping-description": "", "capability-id": "Cloud Asset Inventory", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/asset-inventory/docs/overview"], "tags": ["Credentials", "Access Management"], "mapping-description": "", "capability-id": "Cloud Asset Inventory", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/asset-inventory/docs/overview"], "tags": ["Credentials", "Access Management"], "mapping-description": "", "capability-id": "Cloud Asset Inventory", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/asset-inventory/docs/overview"], "tags": ["Credentials", "Access Management"], "mapping-description": "", "capability-id": "Cloud Asset Inventory", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific 
(sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": 
""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. 
", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. 
", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. 
", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. 
", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": 
["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", 
"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": 
"This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", 
"mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], 
"mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion 
Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": ["https://cloud.google.com/intrusion-detection-system", 
"https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": 
["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": 
"T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party 
vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies 
wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", 
"score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", 
"attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": 
["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", 
"Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": 
"Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1561", 
"attack-object-name": "Disk Wipe", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", 
"mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", 
"references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", 
"capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", 
"attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor 
Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": 
["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", 
"score-value": "Significant", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud 
Accounts", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/web-risk/docs/overview"], "tags": ["Network"], "mapping-description": "", "capability-id": "Web Risk", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": ["https://cloud.google.com/web-risk/docs/overview"], "tags": ["Network"], "mapping-description": "", "capability-id": "Web Risk", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": ["https://cloud.google.com/web-risk/docs/overview"], "tags": ["Network"], "mapping-description": "", "capability-id": "Web Risk", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": ["https://cloud.google.com/web-risk/docs/overview"], "tags": ["Network"], "mapping-description": "", "capability-id": "Web Risk", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://cloud.google.com/cdn/docs/overview"], "tags": ["Containers", "Kubernetes", "Logging"], "mapping-description": "", "capability-id": "Cloud CDN", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, 
periodical).", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", 
"mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", 
"Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", 
"capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", 
"mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System 
Discovery", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://support.google.com/a/answer/1734200?hl=en"], "tags": ["Identity", "Patch Management"], "mapping-description": "", "capability-id": "Endpoint Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://support.google.com/a/answer/1734200?hl=en"], "tags": ["Identity", "Patch Management"], "mapping-description": "", "capability-id": "Endpoint Management", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": ["https://support.google.com/a/answer/1734200?hl=en"], "tags": ["Identity", "Patch Management"], "mapping-description": "", "capability-id": "Endpoint Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": ["https://support.google.com/a/answer/1734200?hl=en"], "tags": ["Identity", "Patch Management"], "mapping-description": "", 
"capability-id": "Endpoint Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", 
"mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust 
Controls", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/titan-security-key#section-3"], "tags": ["Multi-Factor Authentication", "Identity"], "mapping-description": "", "capability-id": "Titan Security Key", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. 
\n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1546.001", "attack-object-name": "Change Default File Association", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1564.001", "attack-object-name": "Hidden Files and Directories", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. 
\n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1584.002", "attack-object-name": "DNS Server", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1056.004", "attack-object-name": "Credential API Hooking", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1027.004", "attack-object-name": "Compile After Delivery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1546.007", "attack-object-name": "Netsh Helper DLL", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1070.004", "attack-object-name": "File Deletion", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1070.006", "attack-object-name": "Timestomp", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1016", "attack-object-name": "System Network Configuration Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1588.002", "attack-object-name": "Tool", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": ["https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/overview"], "tags": ["Auditing", "Access Management"], "mapping-description": "", "capability-id": "Access Transparency", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/overview"], "tags": ["Auditing", "Access Management"], "mapping-description": "", "capability-id": "Access Transparency", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://cloud.google.com/compute/shielded-vm/docs/shielded-vm"], "tags": ["Vulnerability Management"], "mapping-description": "", "capability-id": "Shielded VM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": ["https://cloud.google.com/compute/shielded-vm/docs/shielded-vm"], "tags": ["Vulnerability Management"], "mapping-description": "", "capability-id": "Shielded VM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1589.001", "attack-object-name": "Credentials", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "There are other methods available for users to secure data with the use of client-side encryption and customer encryption-keys.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/storage/docs/encryption", "https://cloud.google.com/storage"], "tags": ["Storage", "Data Security", "Encryption", "Credentials"], "mapping-description": "", "capability-id": "Cloud Storage", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "There are other methods available for users to secure data with the use of client-side encryption and customer encryption-keys.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": ["https://cloud.google.com/storage/docs/encryption", "https://cloud.google.com/storage"], "tags": ["Storage", "Data Security", "Encryption", "Credentials"], "mapping-description": "", "capability-id": "Cloud Storage", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "There are other methods available for users to secure data with the use of client-side encryption and customer encryption-keys.", "attack-object-id": 
"T1588.004", "attack-object-name": "Digital Certificates", "references": ["https://cloud.google.com/storage/docs/encryption", "https://cloud.google.com/storage"], "tags": ["Storage", "Data Security", "Encryption", "Credentials"], "mapping-description": "", "capability-id": "Cloud Storage", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "There are other methods available for users to secure data with the use of client-side encryption and customer encryption-keys.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": ["https://cloud.google.com/storage/docs/encryption", "https://cloud.google.com/storage"], "tags": ["Storage", "Data Security", "Encryption", "Credentials"], "mapping-description": "", "capability-id": "Cloud Storage", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/dlp/docs"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Cloud Data Loss Prevention", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to 
configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": 
["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": 
"Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": 
"AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", 
"capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/secret-manager/docs/overview"], "tags": ["Data Security"], "mapping-description": 
"", "capability-id": "Secret Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://cloud.google.com/secret-manager/docs/overview"], "tags": ["Data Security"], "mapping-description": "", "capability-id": "Secret Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://cloud.google.com/secret-manager/docs/overview"], "tags": ["Data Security"], "mapping-description": "", "capability-id": "Secret Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://cloud.google.com/secret-manager/docs/overview"], "tags": ["Data Security"], "mapping-description": "", "capability-id": "Secret Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": 
"Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": 
"Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", 
"score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access 
Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], 
"mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": 
"Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", 
"score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", 
"score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/recaptcha-enterprise"], "tags": ["Multi-Factor Authentication", "Identity"], "mapping-description": "", "capability-id": "ReCAPTCHA Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": ["https://cloud.google.com/recaptcha-enterprise"], "tags": ["Multi-Factor Authentication", "Identity"], "mapping-description": "", "capability-id": "ReCAPTCHA Enterprise", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/recaptcha-enterprise"], "tags": ["Multi-Factor Authentication", "Identity"], "mapping-description": "", "capability-id": "ReCAPTCHA Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to 
Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1069.003", "attack-object-name": "Cloud Groups", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor 
Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, 
AWS Identity and Access Management.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability 
Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": 
"This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. 
Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. 
Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}]} \ No newline at end of file +{"metadata": {"mapping-version": 1, "attack-version": 10, "technology-domain": "enterprise", "author": "", "contact": "ctid@mitre-engenuity.org", "creation-date": "05/11/2022", "last-update": "", "organization": "", "mapping-framework": "GCP", "mapping-framework-version": ""}, "attack-objects": [{"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": 
["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, 
{"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s high threat protection coverage to specific ATT&CK (sub-)techniques and temporal factors (e.g., real-time).", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": ["https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage", "https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information", "https://assets.virustotal.com/vt-360-outcomes.pdf"], "tags": ["Antivirus", "Antimalware", "Malware"], "mapping-description": "", "capability-id": "Virus Total", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Runtime Data Manipulation", "references": ["https://cloud.google.com/compute/confidential-vm/docs/about-cvm#security_and_privacy_features"], "tags": ["Encryption"], "mapping-description": "", "capability-id": "Confidential VM and Compute Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This control provides a secure 
alternative to storing encryption keys in the file system.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", 
"attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides a secure alternative to storing encryption keys in the file system.", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://cloud.google.com/kms/docs/hsm"], "tags": ["Encryption", "Data Security"], "mapping-description": "", "capability-id": "Cloud Hardware Security Module (HSM)", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://cloud.google.com/certificate-authority-service/docs"], "tags": ["Certificate Service", "Network"], "mapping-description": "", "capability-id": "Certificate Authority Service", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/asset-inventory/docs/overview"], "tags": ["Credentials", "Access Management"], "mapping-description": "", "capability-id": "Cloud Asset 
Inventory", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/asset-inventory/docs/overview"], "tags": ["Credentials", "Access Management"], "mapping-description": "", "capability-id": "Cloud Asset Inventory", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/asset-inventory/docs/overview"], "tags": ["Credentials", "Access Management"], "mapping-description": "", "capability-id": "Cloud Asset Inventory", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/asset-inventory/docs/overview"], "tags": ["Credentials", "Access Management"], "mapping-description": "", "capability-id": "Cloud Asset Inventory", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s 
ATT&CK framework.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial 
due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due the control's low to medium threat protection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/iap"], "tags": ["Identity", "Credentials"], "mapping-description": "", "capability-id": "Identity Aware Proxy", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. 
", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. 
", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. 
", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control may provide information about software vulnerabilities in the environment. ", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/container-analysis/docs/container-analysis", "https://cloud.google.com/container-analysis/docs/container-scanning-overview"], "tags": ["Containers", "Vulnerability Analysis", "OS Security"], "mapping-description": "", "capability-id": "Artifact Registry", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": 
["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", 
"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This control provides information about security best practices and policies to apply when deploying Google Kubernetes Engine.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/kubernetes-engine/docs/concepts/access-control", "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#how_to_audit_benchmarks"], "tags": ["Kubernetes", "Containers"], "mapping-description": "", "capability-id": "Google Kubernetes Engine", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due 
to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1546.006", "attack-object-name": "LC_LOAD_DYLIB Addition", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto 
Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1204.002", "attack-object-name": "Malicious File", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1055.002", "attack-object-name": "Portable Executable Injection", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection 
available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a 
subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related 
factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s 
notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, 
{"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1499.003", "attack-object-name": "Application Exhaustion Flood", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": 
"Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1566.002", "attack-object-name": "Spearphishing Link", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1137.006", "attack-object-name": "Add-ins", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", 
"Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\nThe cyber-attacks mapped are considered a subset of the most notable threat detection available for Cloud IDS, but a thorough mapping to all of Palo Alto Network's advanced threat detection technologies wasn't possible due to constant updates, 3rd party vendor's extensive documentation, and new threat signatures.", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": ["https://cloud.google.com/intrusion-detection-system", "https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/threat-signatures"], "tags": ["Cloud IDS", "Intrusion Detection Service (IDS)", "Palo Alto Network's Threat Signatures", "Analytics"], "mapping-description": "", "capability-id": "Cloud IDS", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], 
"mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", 
"score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1552.007", 
"attack-object-name": "Container API", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": 
["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": ["https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy"], "tags": ["Identity", "Access Management", "Credentials", "Network", "Configuration Management"], "mapping-description": "", "capability-id": "ResourceManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": 
["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", 
"score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was scored as significant due to the control\u2019s notable remediation capabilities.", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": ["https://www.actifio.com/solutions/cloud/google/"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Actifio Go", "mapping-type": "technique-scores", "score-category": "Respond", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": 
["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": 
"IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Local Accounts", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud 
Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], 
"mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Application Access Token", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": 
"", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Domain Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Exchange Email Delegate Permissions", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Add Office 365 Global Administrator Role", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "SSH Authorized Keys", "references": 
["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Domain Account", "references": ["https://cloud.google.com/identity-platform/docs/concepts"], "tags": ["Identity", "Multi-Factor Authentication", "Passwords", "Credentials", "Access Management"], "mapping-description": "", "capability-id": "IdentityPlatform", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", 
"attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": 
"AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this 
security solution were rated as partial.", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Based on the medium detection coverage for the correlated cyber-attacks, most of the techniques and sub-techniques in this security solution were rated as partial.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/anthos-config-management/ "], "tags": ["Configuration Management", "Containers", "Policy"], "mapping-description": "", "capability-id": "AnthosConfigManagement", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/web-risk/docs/overview"], "tags": ["Network"], "mapping-description": "", "capability-id": "Web Risk", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": ["https://cloud.google.com/web-risk/docs/overview"], "tags": ["Network"], "mapping-description": "", "capability-id": "Web Risk", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "Malicious Link", "references": ["https://cloud.google.com/web-risk/docs/overview"], "tags": ["Network"], "mapping-description": "", "capability-id": "Web Risk", "mapping-type": "technique-scores", "score-category": "Protect", 
"score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Spearphishing Link", "references": ["https://cloud.google.com/web-risk/docs/overview"], "tags": ["Network"], "mapping-description": "", "capability-id": "Web Risk", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://cloud.google.com/cdn/docs/overview"], "tags": ["Containers", "Kubernetes", "Logging"], "mapping-description": "", "capability-id": "Cloud CDN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to 
the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1566.001", "attack-object-name": "Spearphishing Attachment", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access 
Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This solution was rated as significant due to the control\u2019s high threat protection 
coverage and temporal factors (e.g., real-time, periodical).", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/beyondcorp-enterprise/docs/overview"], "tags": ["Access Control Policies", "Data Loss Prevention"], "mapping-description": "", "capability-id": "BeyondCorp Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", 
"related-score": ""}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", 
"attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repositories", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/identity"], "tags": ["Identity", "Multi-Factor Authentication", "Credentials"], "mapping-description": "", "capability-id": "Cloud Identity", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": 
["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://cloud.google.com/armor"], "tags": ["Network", "Firewall"], "mapping-description": "", "capability-id": "Cloud Armor", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://support.google.com/a/answer/1734200?hl=en"], "tags": ["Identity", "Patch Management"], "mapping-description": "", "capability-id": "Endpoint Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://support.google.com/a/answer/1734200?hl=en"], "tags": ["Identity", "Patch Management"], "mapping-description": "", "capability-id": "Endpoint Management", "mapping-type": "technique-scores", "score-category": 
"Respond", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": ["https://support.google.com/a/answer/1734200?hl=en"], "tags": ["Identity", "Patch Management"], "mapping-description": "", "capability-id": "Endpoint Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": ["https://support.google.com/a/answer/1734200?hl=en"], "tags": ["Identity", "Patch Management"], "mapping-description": "", "capability-id": "Endpoint Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", 
"related-score": ""}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Transmitted Data Manipulation", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "ARP Cache Poisoning", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview"], "tags": ["Network", "Encryption"], "mapping-description": "", "capability-id": "CloudVPN", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1552.005", "attack-object-name": "Cloud Instance Metadata API", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": 
"T1588.003", "attack-object-name": "Code Signing Certificates", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1588.004", "attack-object-name": "Digital Certificates", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1552.001", "attack-object-name": "Credentials In Files", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to AWS Key Management Service, AWS Cloud HSM, and Azure KeyVault.", "attack-object-id": "T1552.004", "attack-object-name": "Private Keys", "references": ["https://cloud.google.com/security-key-management"], "tags": ["Credentials"], "mapping-description": "", "capability-id": "Cloud Key Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": ["https://cloud.google.com/titan-security-key#section-3"], "tags": ["Multi-Factor Authentication", "Identity"], "mapping-description": "", "capability-id": "Titan Security Key", "mapping-type": "technique-scores", "score-category": "Protect", 
"score-value": "Significant", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1021.002", "attack-object-name": "SMB/Windows Admin Shares", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1218.005", "attack-object-name": "Mshta", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1543.001", "attack-object-name": "Launch Agent", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. 
\n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1543.004", "attack-object-name": "Launch Daemon", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1546.001", "attack-object-name": "Change Default File Association", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1547.001", "attack-object-name": "Registry Run Keys / Startup Folder", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1564.001", "attack-object-name": "Hidden Files and Directories", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1003.003", "attack-object-name": "NTDS", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. 
\n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1134.005", "attack-object-name": "SID-History Injection", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1584.002", "attack-object-name": "DNS Server", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1070.002", "attack-object-name": "Clear Linux or Mac System Logs", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1136.001", "attack-object-name": "Local Account", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1021.004", "attack-object-name": "SSH", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration over USB", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1056.003", "attack-object-name": "Web Portal Capture", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1056.004", "attack-object-name": "Credential API Hooking", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1071.001", "attack-object-name": "Web Protocols", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1218.010", "attack-object-name": "Regsvr32", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1059.003", "attack-object-name": "Windows Command Shell", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1218.003", "attack-object-name": "CMSTP", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1036.005", "attack-object-name": "Match Legitimate Name or Location", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1027.004", "attack-object-name": "Compile After Delivery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1127.001", "attack-object-name": "MSBuild", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1037.003", "attack-object-name": "Network Logon Script", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1059.007", "attack-object-name": "JavaScript", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1132.001", "attack-object-name": "Standard Encoding", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1195.002", "attack-object-name": "Compromise Software Supply Chain", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1546.007", "attack-object-name": "Netsh Helper DLL", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1574.007", "attack-object-name": "Path Interception by PATH Environment Variable", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1070.004", "attack-object-name": "File Deletion", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1543.003", "attack-object-name": "Windows Service", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1070.006", "attack-object-name": "Timestomp", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1003.001", "attack-object-name": "LSASS Memory", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1137.001", "attack-object-name": "Office Template Macros", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1016", "attack-object-name": "System Network Configuration Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1588.002", "attack-object-name": "Tool", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1070.001", "attack-object-name": "Clear Windows Event Logs", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1569.002", "attack-object-name": "Service Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1546.008", "attack-object-name": "Accessibility Features", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. 
", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping is given a score of minimal due to low threat detection fidelity from specific (sub-)techniques found in MITRE\u2019s ATT&CK framework. \n\nChronicle is able to ingest and aggregate raw logs from multiple data formats, to include: json, csv, xml, and syslog. ", "attack-object-id": "T1546.003", "attack-object-name": "Windows Management Instrumentation Event Subscription", "references": ["https://cloud.google.com/chronicle/docs/overview", "https://github.com/chronicle/detection-rules"], "tags": ["SIEM", "Chronicle", "Threat Detection", "Analytics"], "mapping-description": "", "capability-id": "Chronicle", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": ["https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/overview"], "tags": ["Auditing", "Access Management"], "mapping-description": "", "capability-id": "Access Transparency", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/overview"], "tags": ["Auditing", "Access Management"], "mapping-description": "", "capability-id": "Access Transparency", "mapping-type": "technique-scores", "score-category": "Detect", 
"score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://cloud.google.com/compute/shielded-vm/docs/shielded-vm"], "tags": ["Vulnerability Management"], "mapping-description": "", "capability-id": "Shielded VM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": ["https://cloud.google.com/compute/shielded-vm/docs/shielded-vm"], "tags": ["Vulnerability Management"], "mapping-description": "", "capability-id": "Shielded VM", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channel", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Documentation is segmented into 4 sections: VPC Firewall rules, Hierarchical firewall policies, Firewall insights, Firewall rules logging. These sections are listed under Firewall Insights and Virtual Private Cloud (VPC) rather than a generic Firewall documentation page. 
Its unclear if the data in these sections should correspond to the \"Firewalls\" control, or the parent control under which its documented.", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://cloud.google.com/firewalls"], "tags": ["Firewall", "Logging", "Network"], "mapping-description": "", "capability-id": "Firewalls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1505.003", "attack-object-name": "Web Shell", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1059.004", "attack-object-name": "Unix Shell", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1071.004", "attack-object-name": "DNS", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration to Cloud Storage", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1505.001", "attack-object-name": "SQL Stored Procedures", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1589.001", "attack-object-name": "Credentials", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1078.001", "attack-object-name": "Default Accounts", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1542.003", "attack-object-name": "Bootkit", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "This mapping was rated as significant due to the control\u2019s notable detection accuracy, mappable threat coverage, and time-related factors (e.g., real-time).\n\nSCC also provides users with compliance mappings that scan environments against violations according to PCI-DSS v3.2.1, OWASP Top Ten, NIST 800-53, and ISO 27001. \n\nTo improve cyber-situational awareness and detection against various threats, SCC ingests logging data from multiple sources. Cloud Audit Admin Activity logs are always enabled by default and cannot be disabled. SCC Premium consumes logs automatically when activated. SSH Logs and syslog inform the brute force detector, and the set of network logs (VPC Flow/Cloud Firewall/Cloud NAT/Cloud DNS).\n\nFurther automated response functionality can be extended in SCC to take actions against threats. 
A full list of automated actions can be found on GCP's GitHub.\n\nReference: https://github.com/GoogleCloudPlatform/security-response-automation ", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview", "https://github.com/GoogleCloudPlatform/security-analytics"], "tags": ["Analytics", "Security Command Center", "Vulnerability Management"], "mapping-description": "", "capability-id": "Security Command Center", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "There are other methods available for users to secure data with the use of client-side encryption and customer encryption-keys.", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/storage/docs/encryption", "https://cloud.google.com/storage"], "tags": ["Storage", "Data Security", "Encryption", "Credentials"], "mapping-description": "", "capability-id": "Cloud Storage", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "There are other methods available for users to secure data with the use of client-side encryption and customer encryption-keys.", "attack-object-id": "T1565.001", "attack-object-name": "Stored Data Manipulation", "references": ["https://cloud.google.com/storage/docs/encryption", "https://cloud.google.com/storage"], "tags": ["Storage", "Data Security", "Encryption", "Credentials"], "mapping-description": "", "capability-id": "Cloud Storage", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "There are other methods available for users to secure data with the use of client-side encryption and customer encryption-keys.", "attack-object-id": 
"T1588.004", "attack-object-name": "Digital Certificates", "references": ["https://cloud.google.com/storage/docs/encryption", "https://cloud.google.com/storage"], "tags": ["Storage", "Data Security", "Encryption", "Credentials"], "mapping-description": "", "capability-id": "Cloud Storage", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "There are other methods available for users to secure data with the use of client-side encryption and customer encryption-keys.", "attack-object-id": "T1588.003", "attack-object-name": "Code Signing Certificates", "references": ["https://cloud.google.com/storage/docs/encryption", "https://cloud.google.com/storage"], "tags": ["Storage", "Data Security", "Encryption", "Credentials"], "mapping-description": "", "capability-id": "Cloud Storage", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/dlp/docs"], "tags": ["Storage"], "mapping-description": "", "capability-id": "Cloud Data Loss Prevention", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to 
configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1053.007", "attack-object-name": "Container Orchestration Job", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": 
["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1036.001", "attack-object-name": "Invalid Code Signature", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": "Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "Binary authorization provides the capability to configure a policy that is enforced when an attempt is made to deploy a container image.", "attack-object-id": "T1204.003", "attack-object-name": "Malicious Image", "references": ["https://cloud.google.com/binary-authorization/docs/overview", "https://cloud.google.com/binary-authorization/docs/attestations"], "tags": ["Binary Authorization"], "mapping-description": "", "capability-id": 
"Binary Authorization", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": 
"AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Domain Accounts", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", 
"capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Password Guessing", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Password Cracking", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Password Spraying", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": ["https://landing.google.com/advancedprotection/"], "tags": ["Multi-Factor Authentication", "Phishing"], "mapping-description": "", "capability-id": "AdvancedProtectionProgram", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": ["https://cloud.google.com/secret-manager/docs/overview"], "tags": ["Data Security"], "mapping-description": 
"", "capability-id": "Secret Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": ["https://cloud.google.com/secret-manager/docs/overview"], "tags": ["Data Security"], "mapping-description": "", "capability-id": "Secret Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": ["https://cloud.google.com/secret-manager/docs/overview"], "tags": ["Data Security"], "mapping-description": "", "capability-id": "Secret Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": ["https://cloud.google.com/secret-manager/docs/overview"], "tags": ["Data Security"], "mapping-description": "", "capability-id": "Secret Manager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Network Topology", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": 
"Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1590.005", "attack-object-name": "IP Addresses", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1595.001", "attack-object-name": "Scanning IP Blocks", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": 
"Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Adversary-in-the-Middle", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", 
"score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Container API", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": ["https://cloud.google.com/vpc-service-controls/docs"], "tags": ["Network", "Virtual Private Cloud"], "mapping-description": "", "capability-id": "Virtual Private Cloud", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access 
Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Compute Infrastructure", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], 
"mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1548.002", "attack-object-name": "Bypass User Account Control", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": 
"Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", 
"score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure Role based access control and Azure policy ", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": ["https://cloud.google.com/policy-intelligence"], "tags": ["Identity", "Role Based Access Control", "Access Management", "Credentials"], "mapping-description": "", "capability-id": "Policy Intelligence", "mapping-type": "technique-scores", "score-category": "Protect", 
"score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/recaptcha-enterprise"], "tags": ["Multi-Factor Authentication", "Identity"], "mapping-description": "", "capability-id": "ReCAPTCHA Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Credential Stuffing", "references": ["https://cloud.google.com/recaptcha-enterprise"], "tags": ["Multi-Factor Authentication", "Identity"], "mapping-description": "", "capability-id": "ReCAPTCHA Enterprise", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/recaptcha-enterprise"], "tags": ["Multi-Factor Authentication", "Identity"], "mapping-description": "", "capability-id": "ReCAPTCHA Enterprise", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": 
"technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Significant", "related-score": ""}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "", "attack-object-id": "T1619", "attack-object-name": "Cloud Storage Object Discovery", "references": ["https://cloud.google.com/vpc-service-controls/docs/overview"], "tags": ["Virtual Private Cloud", "Access Control Policies", "Network"], "mapping-description": "", "capability-id": "VPC Service Controls", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to 
Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1098.001", "attack-object-name": "Additional Cloud Credentials", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1069.003", "attack-object-name": "Cloud Groups", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor 
Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1078.004", "attack-object-name": "Cloud Accounts", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1087.004", "attack-object-name": "Cloud Account", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, 
AWS Identity and Access Management.", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "Similar to Azure AD for Managed Identities, Azure Role Based Access Control, AWS Identity and Access Management.", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": ["https://cloud.google.com/iam"], "tags": ["Identity", "Credentials", "Access Management", "Multi-Factor Authentication", "Role Based Access Control"], "mapping-description": "", "capability-id": "Identity and Access Management", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Minimal", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability 
Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": 
"This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-) techniques of MITRE\u2019s ATT&CK framework.", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": ["https://cloud.google.com/compute/docs/vm-manager"], "tags": ["Patch Management", "Vulnerability Management", "Configuration Management", "Credentials"], "mapping-description": "", "capability-id": "VMManager", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. 
Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. 
Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Protect", "score-value": "Partial", "related-score": ""}, {"comments": "Google Cloud's Artifact Registry is the recommended service for managing containers. Container Registry provides a subset of the features found in Artifact Registry and will only receive critical security fixes.", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": ["https://cloud.google.com/container-registry/docs/container-analysis", "https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr"], "tags": ["Containers", "Vulnerability Analysis"], "mapping-description": "", "capability-id": "Container Registry", "mapping-type": "technique-scores", "score-category": "Detect", "score-value": "Partial", "related-score": ""}]} diff --git a/src/mappings_explorer/cli/parsed_mappings/veris/1.3.5/parsed_veris-mappings.json b/src/mappings_explorer/cli/parsed_mappings/veris/1.3.5/parsed_veris-mappings.json index 3b5ba4e6..6dc8cfac 100644 --- a/src/mappings_explorer/cli/parsed_mappings/veris/1.3.5/parsed_veris-mappings.json +++ b/src/mappings_explorer/cli/parsed_mappings/veris/1.3.5/parsed_veris-mappings.json 
@@ -1 +1 @@ -{"metadata": {"mapping-version": "1.9", "attack-version": "9.0", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "VERIS Framework", "mapping-framework-version": "1.3.5"}, "attack-objects": [{"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Direct install", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "Scheduled Task/Job: At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "Scheduled Task/Job: At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Scheduled Task/Job: Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Scheduled Task/Job: Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task/Job: Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Scheduled Task/Job: Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Scheduled Task/Job: Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "Command and Scripting 
Interpreter: PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "Command and Scripting Interpreter: PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Command and Scripting Interpreter: Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Command and Scripting Interpreter: Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Command and Scripting Interpreter: Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Command and Scripting Interpreter: Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "Tursted Developer Utilities Proxy Execution: MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "Tursted Developer Utilities Proxy Execution: MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Application Startup: Office Template Macros", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Application Startup: Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Office Application Startup: Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Office Application Startup: Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Office Application Startup: Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1216", 
"attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "Signed Script Proxy Execution: PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Signed Binary Proxy Execution: Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Signed Binary Proxy Execution: Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "Signed Binary Proxy Execution: CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "Signed Binary Proxy Execution: InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Signed Binary Proxy Execution: Mshta", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Signed Binary Proxy Execution: Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Signed Binary Proxy Execution: Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Signed Binary Proxy Execution: Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Signed Binary Proxy Execution: Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Signed Binary Proxy Execution: Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Signed Binary Proxy Execution: Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Create or Modify System Process: Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Create or Modify System Process: 
Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAT", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Create or Modify System Process: Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Abuse Elevation Control Mechanism: Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Inter-Process Communication: Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Inter-Process Communication: Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", 
"attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "System Services: Launchctl", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "System Services: Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "System Services: Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Direct install", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Hypervisor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Inter-tenant", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Modify Cloud Computer Infrastructure: Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Modify Cloud Computer Infrastructure: Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Modify Cloud Computer Infrastructure: Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.004", "attack-object-name": "Modify Cloud Computer Infrastructure: Revert Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Brute Force: Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Brute Force: Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute 
force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Offline cracking", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Brute Force: Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Brute Force: Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Brute Force: Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Brute Force: Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Buffer overflow", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.HTTP Response Splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Cryptanalysis", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Soap array abuse", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.XML attribute blowup", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML entity expansion", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML external entities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion 
Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Botnet", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", 
"attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Format string attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Fuzz testing", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Insecure deserialization", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Integer overflows", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.LDAP injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit 
vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session fixation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Hijack Execution Flow: Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Hijack Execution Flow: Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability 
Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1007", "attack-object-name": "System Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1012", "attack-object-name": "Query Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069.001", "attack-object-name": "Permission Groups 
Discovery: Local Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069.002", "attack-object-name": "Permission Groups Discovery: Domain Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069.003", "attack-object-name": "Permission Groups Discovery: Cloud Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Account Discovery: Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Account Discovery: Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.003", "attack-object-name": "Account Discovery: Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": 
"Account Discovery: Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1120", "attack-object-name": "Peripheral Device Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1124", "attack-object-name": "System Time Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480.001", "attack-object-name": "Execution Guardrails: Environmental Keying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1518", "attack-object-name": "Software Discovery", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1518.001", "attack-object-name": "Software Discovery: Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Personal Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.001", "attack-object-name": "Gather Victim Identity Information: Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.001", "attack-object-name": "Gather Victim Identity Information: 
Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Lost or stolen credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.001", "attack-object-name": "Gather Victim Identity Information: Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Personal Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.002", "attack-object-name": "Gather Victim Identity Information: Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.002", "attack-object-name": "Gather Victim Identity Information: Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Email addresses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.002", "attack-object-name": "Gather Victim Identity Information: Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Personal Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.003", "attack-object-name": "Gather Victim Identity Information: Employee Names", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.003", "attack-object-name": "Gather Victim Identity Information: Employee Names", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Personal Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.001", "attack-object-name": "Gather Victim Network Information: Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.001", "attack-object-name": "Gather Victim Network Information: Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.002", "attack-object-name": "Gather Victim Network Information: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.002", "attack-object-name": "Gather Victim Network Information: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.003", "attack-object-name": "Gather Victim Network Information: Network Trust Dependencies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.003", "attack-object-name": "Gather Victim Network Information: Network Trust Dependencies", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Gather Victim Network Information: Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Gather Victim Network Information: Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.005", "attack-object-name": "Gather Victim Network Information: IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.005", "attack-object-name": "Gather Victim Network Information: IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.006", "attack-object-name": "Gather Victim Network Information: Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.006", "attack-object-name": "Gather Victim Network Information: Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591", "attack-object-name": "Gather Victim Org Information", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591", "attack-object-name": "Gather Victim Org Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.001", "attack-object-name": "Gather Victim Org Information: Determine Physical Locations", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.001", "attack-object-name": "Gather Victim Org Information: Determine Physical Locations", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.002", "attack-object-name": "Gather Victim Org Information: Business Relationships", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.002", "attack-object-name": "Gather Victim Org Information: Business Relationships", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.003", "attack-object-name": "Gather Victim Org Information: Identify Business Tempo", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.003", "attack-object-name": "Gather Victim Org Information: Identify Business Tempo", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.004", "attack-object-name": "Gather Victim Org Information: Identify Roles", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.004", "attack-object-name": "Gather Victim Org Information: Identify Roles", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592", "attack-object-name": "Gather Victim Host Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592", "attack-object-name": "Gather Victim Host Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.001", "attack-object-name": "Gather Victim Host Information: Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.001", "attack-object-name": "Gather Victim Host Information: Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.002", "attack-object-name": "Gather Victim Host Information: Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1592.002", "attack-object-name": "Gather Victim Host Information: Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.003", "attack-object-name": "Gather Victim Host Information: Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.003", "attack-object-name": "Gather Victim Host Information: Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.004", "attack-object-name": "Gather Victim Host Information: Client Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.004", "attack-object-name": "Gather Victim Host Information: Client Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593", "attack-object-name": "Search Open Websites/Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593", "attack-object-name": "Search Open Websites/Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593.001", "attack-object-name": "Search Open Websites/Domains: Social Media", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593.001", "attack-object-name": "Search Open Websites/Domains: Social Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593.002", "attack-object-name": "Search Open Websites/Domains: Search Engines", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593.002", "attack-object-name": "Search Open Websites/Domains: Search Engines", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1594", "attack-object-name": "Search Victim-Owned Websites", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1594", "attack-object-name": "Search Victim-Owned Websites", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596", "attack-object-name": "Search Open Technical Databases", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596", "attack-object-name": "Search Open Technical Databases", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1596.001", "attack-object-name": "Search Open Technical Databases: DNS/Passive DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.001", "attack-object-name": "Search Open Technical Databases: DNS/Passive DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.002", "attack-object-name": "Search Open Technical Databases: WHOIS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.002", "attack-object-name": "Search Open Technical Databases: WHOIS", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.003", "attack-object-name": "Search Open Technical Databases: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.003", "attack-object-name": "Search Open Technical Databases: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.004", "attack-object-name": "Search Open Technical Databases: CDNs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.004", "attack-object-name": "Search Open Technical 
Databases: CDNs", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.005", "attack-object-name": "Search Open Technical Databases: Scan Databases", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.005", "attack-object-name": "Search Open Technical Databases: Scan Databases", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597", "attack-object-name": "Search Closed Sources", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597", "attack-object-name": "Search Closed Sources", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597.001", "attack-object-name": "Search Closed Sources: Threat Intel Vendors", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597.001", "attack-object-name": "Search Closed Sources: Threat Intel Vendors", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597.002", "attack-object-name": "Search Closed Sources: Purchase Technical Data", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597.002", "attack-object-name": "Search Closed Sources: Purchase Technical Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "Data from Configuration Repository: SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Data from Configuration Repository: Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1614", "attack-object-name": "System Location Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session 
Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP Response Splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session fixation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Routing detour", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "Man-in-the-Middle: LLMNR/NBT-NS Poisoning and Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "Man-in-the-Middle: ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Pass-the-hash", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application 
Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.3rd party desktop", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Remote injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAT", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Download by malware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Services: Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Services: Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "Remote Services: SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "Remote Services: SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Remote Services: Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Remote Services: Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "Remote Services: SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "Remote Services: SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "Remote Services: VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "Remote Services: VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Remote Services: Windows Remote Management", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Remote Services: Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Valid Accounts: Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Valid Accounts: Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Valid Accounts: Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Valid Accounts: Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Access Token Manipulation: Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1134.002", "attack-object-name": "Access Token Manipulation: Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Access Token Manipulation: Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.004", "attack-object-name": "Access Token Manipulation: Parent PID Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "Access Token Manipulation: SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Use Alternate Authentication Material: Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Use Alternate 
Authentication Material: Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Use Alternate Authentication Material: Web Session Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Steal or Forge Kerberos Tickets: Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Steal or Forge Kerberos Tickets: Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Steal or Forge Kerberos Tickets: Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586", "attack-object-name": "Compromise Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.002", "attack-object-name": "Compromise Account: Email Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Virtual machine escape", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML external entities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1010", "attack-object-name": "Application Window Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XPath injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1010", "attack-object-name": "Application Window Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583", "attack-object-name": "Acquire Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583", "attack-object-name": "Acquire Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - download", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - download", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Compromised server", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.003", "attack-object-name": "Compromise Infrastructure: Virtual Private Server", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.003", "attack-object-name": "Compromise Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Compromised server", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.003", "attack-object-name": "Compromise Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.004", "attack-object-name": "Compromise Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.004", "attack-object-name": "Compromise Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Compromised server", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.004", "attack-object-name": "Compromise Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.006", "attack-object-name": "Compromise Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.006", "attack-object-name": "Compromise Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1584.006", "attack-object-name": "Compromise Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587", "attack-object-name": "Develop Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587", "attack-object-name": "Develop Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Payload", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Ransomware", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.002", "attack-object-name": "Develop Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.002", "attack-object-name": "Develop Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.003", "attack-object-name": "Develop Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.003", "attack-object-name": "Develop Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"value_chain.development.variety.Exploit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit Kits", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Payload", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"value_chain.development.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.002", "attack-object-name": "Obtain Capabilities: Tool", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.003", "attack-object-name": "Obtain Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.003", "attack-object-name": "Obtain Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Obtain Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Obtain Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit Kits", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.006", "attack-object-name": "Obtain Capabilities: Vulnerabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.006", "attack-object-name": "Obtain Capabilities: Vulnerabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundry Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Boundry Bridging: Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Forge Web Credentials: Web Cookies", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "Forge Web Credentials: SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": 
"Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Hypervisor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Inter-tenant", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware 
Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Physical access", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File 
Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Proxy: Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "Proxy: External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Proxy: Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Proxy: Domain Fronting", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Web Service: Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Web Service: Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "Web Service: One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Data Encoding: Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Data Encoding: Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.001", "attack-object-name": "Dynamic Resolution: Fast Flux DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.003", "attack-object-name": "Dynamic Resolution: DNS Calculation", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.001", "attack-object-name": "Input Capture: Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "Input Capture: GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Input Capture: Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Spyware/Keylogger", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Email Collection: Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Email Collection: Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1123", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1125", "attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1207", "attack-object-name": "Rogue Domain Controller", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1217", "attack-object-name": "Browser Bookmark Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data 
from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1039", "attack-object-name": "Data from Network Shared Drive", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Data from Information Repositories: Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Data from Information Repositories: Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Click fraud", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Click fraud and cryptocurrency mining", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Cryptocurrency mining", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Indicator Removal on Host: Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Indicator Removal on Host: Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Indicator Removal on Host: Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Indicator Removal on Host: Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Indicator Removal on Host: Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.004", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.005", "attack-object-name": "Indicator Removal on Host: Network Share Connection Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.006", "attack-object-name": "Indicator Removal on Host: Timestomp", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Wipe: Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1006", "attack-object-name": "Direct Volume Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.001", "attack-object-name": "Obfuscated Files or Information: Binary Padding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Obfuscated Files or Information: Software Packaging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.003", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.004", "attack-object-name": "Obfuscated Files or Information: Compile After Dilevery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.005", "attack-object-name": 
"Obfuscated Files or Information: Indicator Removal from Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Masquerading: Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Forgery", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Masquerading: Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1036.003", "attack-object-name": "Masquerading: Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.004", "attack-object-name": "Masquerading: Masquerade Task or Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Masquerading: Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.006", "attack-object-name": "Masquerading: Space after Filename", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "File and Directory Permissions Modification: Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit 
System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.001", "attack-object-name": "Virtualization/Sandbox Evasion: System Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.002", "attack-object-name": "Virtualization/Sandbox Evasion: User Activity Based Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.003", "attack-object-name": "Virtualization/Sandbox Evasion: Time Based Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Contols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Subvert Trust Contols: Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.002", "attack-object-name": "Subvert Trust Contols: Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "Subvert Trust Contols: SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Subvert Trust Contols: Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Subvert Trust Contols: Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Subvert Trust Contols: Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Impair Defenses: Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Impair Defenses: Disable Windows Event Logging", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Defenses: Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Impair Defenses: Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Impair Defenses: Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Impair Defenses: Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Impair Defenses: Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "Hijack Execution Flow: COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600.001", "attack-object-name": "Weaken Encryption: Reduce Key Space", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1600.002", "attack-object-name": "Weaken Encryption: Disable Crypto Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Modify System Image: Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Modify System Image: Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Automated Exfiltration: Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration Over Physical Medium: Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074.001", "attack-object-name": "Data Staged: Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074.002", "attack-object-name": "Data Staged: Remote Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560", 
"attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive Collected Data: Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.002", "attack-object-name": "Archive Collected Data: Archive via Library", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.003", "attack-object-name": "Archive Collected Data: Archive via Custom Method", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Process Injection: Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Process Injection: Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Process Injection: Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Process Injection: Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Process Injection: Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Process Injection: Ptrace System Calls", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Process Injection: Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Process Injection: Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Injection: Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Injection: Process Doppelganging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "Process Injection: VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1115", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Packet sniffer", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS 
Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Unsecured Credentials: Credentials in Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Unsecured Credentials: Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Unsecured Credentials: Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Unsecured Credentials: Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Unsecured Credentials: Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Unsecured Credentials: Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password 
dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Password Stores: Credentials from Web Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Credentials from Password Stores: Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Credentials from Password Stores: Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": 
"Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "Pre-OS Boot: System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.002", "attack-object-name": "Pre-OS Boot: Component Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Pre-OS Boot: Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "Pre-OS Boot: ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "Pre-OS Boot: TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1016", "attack-object-name": "System Network Configuration Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1016.001", "attack-object-name": "System Network Configuration Discovery: Internet Connection Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.001", "attack-object-name": "Active Scanning: Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.001", "attack-object-name": "Active Scanning: Scanning IP Blocks", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Data Obfuscation: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Data Obfuscation: Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.001", "attack-object-name": "Stage Capabilities: Upload Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.001", "attack-object-name": "Stage Capabilities: Upload Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.002", "attack-object-name": "Stage Capabilities: Upload Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1608.002", "attack-object-name": "Stage Capabilities: Upload Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.003", "attack-object-name": "Stage Capabilities: Install Digital Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.003", "attack-object-name": "Stage Capabilities: Install Digital Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.004", "attack-object-name": "Stage Capabilities: Drive-by Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.004", "attack-object-name": "Stage Capabilities: Drive-by Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.005", "attack-object-name": "Stage Capabilities: Link Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Instant messaging", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": 
"Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Phishing: Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Phishing: Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585", "attack-object-name": "Establish Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585", "attack-object-name": "Establish Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.001", "attack-object-name": "Establish Accounts: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.001", "attack-object-name": "Establish Accounts: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.002", "attack-object-name": "Establish Accounts: Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.002", "attack-object-name": "Establish Accounts: Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.001", "attack-object-name": "Event Triggered Execution: Change Default File Association", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Event Triggered Execution Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1546.003", "attack-object-name": "Event Triggered Execution: Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Event Triggered Execution: Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.005", "attack-object-name": "Event Triggered Execution: Trap", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "Event Triggered Execution: LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.007", "attack-object-name": "Event Triggered Execution: Netsh Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Event Triggered Execution: Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "Event Triggered Execution: AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "Event Triggered 
Execution: AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Event Triggered Execution: Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.012", "attack-object-name": "Event Triggered Execution: Image File Execution Options Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "Event Triggered Execution: PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Event Triggered Execution: Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.015", "attack-object-name": "Event Triggered Execution: Component Object Model Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Create Account: Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Create Account: Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Create Account: Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Defacement: Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "Defacement: External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Boot or Logon Initialization Scripts: Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Boot or Logon Initialization Scripts: Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Boot or Logon Initialization Scripts: Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.004", 
"attack-object-name": "Boot or Logon Initialization Scripts: RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Boot or Logon Initialization Scripts: Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484.001", "attack-object-name": "Domain Policy Modification: Group Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484.002", "attack-object-name": "Domain Policy Modification: Domain Trust Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.001", "attack-object-name": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Boot or Logon Autostart Execution: Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.003", 
"attack-object-name": "Boot or Logon Autostart Execution: Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Boot or Logon Autostart Execution: Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Boot or Logon Autostart Execution: Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Boot or Logon Autostart Execution: Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Boot or Logon Autostart Execution: Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "Boot or Logon Autostart Execution: LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Boot or Logon Autostart Execution: Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1547.010", "attack-object-name": "Boot or Logon Autostart Execution: Port Monitors", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Boot or Logon Autostart Execution: Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Boot or Logon Autostart Execution: Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "Boot or Logon Autostart Execution: XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Modify Authentication Process: Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.001", 
"attack-object-name": "Modify Authentication Process: Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Modify Authentication Process: Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Modify Authentication Process: Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Modify Authentication Process: Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Modify Authentication Process: Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Data Manipulation: Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Data 
Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Data Manipulation: Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Account Manipulation: Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Account Manipulation: Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Account Manipulation: Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "Account Manipulation: SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.014", "attack-object-name": "Boot or Logon Autostart Execution: Active Setup", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "attribute.integrity.variety.Repurpose", "mapping-type": "related-to"}]} \ No newline at end of file +{"metadata": {"mapping-version": "1.9", "attack-version": "9.0", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "VERIS Framework", "mapping-framework-version": "1.3.5"}, "attack-objects": [{"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Direct install", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.001", "attack-object-name": "Scheduled Task/Job: At (Linux)", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1053.002", "attack-object-name": "Scheduled Task/Job: At (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Scheduled Task/Job: Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.004", "attack-object-name": "Scheduled Task/Job: Launchd", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task/Job: Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Scheduled Task/Job: Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Scheduled Task/Job: Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "Command and Scripting Interpreter: PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "Command and Scripting Interpreter: PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Command and Scripting Interpreter: Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Command and Scripting Interpreter: Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: 
JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Command and Scripting Interpreter: Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Command and Scripting Interpreter: Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1112", 
"attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "Tursted Developer Utilities Proxy Execution: MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "Tursted Developer Utilities Proxy Execution: MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Application Startup: Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Application Startup: Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Office Application Startup: Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Office Application Startup: Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Office Application Startup: Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "Signed Script Proxy Execution: PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Signed Binary Proxy Execution: Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Signed Binary Proxy Execution: Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "Signed Binary Proxy Execution: CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "Signed Binary Proxy Execution: InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Signed Binary Proxy Execution: Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Signed Binary Proxy Execution: Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Signed Binary Proxy Execution: Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Signed Binary Proxy Execution: Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Signed Binary Proxy Execution: Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Signed Binary Proxy Execution: Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Signed Binary Proxy Execution: Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Create or Modify System Process: Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Create or Modify System Process: Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAT", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Create or Modify System Process: Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot 
or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Abuse Elevation Control Mechanism: Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and 
Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Inter-Process Communication: Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Inter-Process Communication: Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "System Services: Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "System Services: Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "System Services: Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Direct install", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Hypervisor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Inter-tenant", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Modify Cloud Computer Infrastructure: Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Modify Cloud Computer 
Infrastructure: Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Modify Cloud Computer Infrastructure: Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.004", "attack-object-name": "Modify Cloud Computer Infrastructure: Revert Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Brute Force: Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Brute Force: Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Offline cracking", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Brute Force: Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Brute Force: Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Brute Force: Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Brute Force: Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Buffer overflow", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP Response Splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Cryptanalysis", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Soap array abuse", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML attribute blowup", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML entity expansion", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML external entities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "value_chain.distribution.variety.Botnet", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Format string attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for 
Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Fuzz testing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Insecure deserialization", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Integer overflows", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.LDAP injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1210", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session fixation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL 
Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Hijack Execution Flow: Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Hijack Execution Flow: Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1007", "attack-object-name": "System Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1012", "attack-object-name": "Query Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069.001", "attack-object-name": "Permission Groups Discovery: Local Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069.002", "attack-object-name": "Permission Groups Discovery: Domain Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069.003", "attack-object-name": "Permission Groups Discovery: Cloud Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Account Discovery: Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.002", "attack-object-name": "Account Discovery: Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.003", "attack-object-name": "Account Discovery: Email Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.004", "attack-object-name": "Account Discovery: Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1120", "attack-object-name": "Peripheral Device Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1124", "attack-object-name": "System Time Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480.001", "attack-object-name": "Execution Guardrails: Environmental Keying", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1518", "attack-object-name": "Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1518.001", "attack-object-name": "Software Discovery: Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1538", "attack-object-name": "Cloud Service Dashboard", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Personal Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.001", "attack-object-name": "Gather Victim Identity Information: Credentials", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.001", "attack-object-name": "Gather Victim Identity Information: Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Lost or stolen credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.001", "attack-object-name": "Gather Victim Identity Information: Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Personal Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.002", "attack-object-name": "Gather Victim Identity Information: Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.002", "attack-object-name": "Gather Victim Identity Information: Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Email addresses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.002", "attack-object-name": "Gather Victim Identity Information: Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Personal Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.003", "attack-object-name": "Gather Victim Identity Information: Employee Names", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.003", "attack-object-name": "Gather Victim Identity Information: Employee Names", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"value_chain.targeting.variety.Personal Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.001", "attack-object-name": "Gather Victim Network Information: Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.001", "attack-object-name": "Gather Victim Network Information: Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.002", "attack-object-name": "Gather Victim Network Information: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.002", "attack-object-name": "Gather Victim Network Information: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.003", "attack-object-name": "Gather Victim Network Information: Network Trust Dependencies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1590.003", "attack-object-name": "Gather Victim Network Information: Network Trust Dependencies", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Gather Victim Network Information: Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Gather Victim Network Information: Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.005", "attack-object-name": "Gather Victim Network Information: IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.005", "attack-object-name": "Gather Victim Network Information: IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.006", "attack-object-name": "Gather Victim Network Information: Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.006", "attack-object-name": "Gather Victim Network Information: Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1591", "attack-object-name": "Gather Victim Org Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591", "attack-object-name": "Gather Victim Org Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.001", "attack-object-name": "Gather Victim Org Information: Determine Physical Locations", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.001", "attack-object-name": "Gather Victim Org Information: Determine Physical Locations", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.002", "attack-object-name": "Gather Victim Org Information: Business Relationships", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.002", "attack-object-name": "Gather Victim Org Information: Business Relationships", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.003", "attack-object-name": "Gather Victim Org Information: Identify Business Tempo", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.003", 
"attack-object-name": "Gather Victim Org Information: Identify Business Tempo", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.004", "attack-object-name": "Gather Victim Org Information: Identify Roles", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1591.004", "attack-object-name": "Gather Victim Org Information: Identify Roles", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592", "attack-object-name": "Gather Victim Host Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592", "attack-object-name": "Gather Victim Host Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.001", "attack-object-name": "Gather Victim Host Information: Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.001", "attack-object-name": "Gather Victim Host Information: Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.002", "attack-object-name": "Gather Victim Host Information: Software", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.002", "attack-object-name": "Gather Victim Host Information: Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.003", "attack-object-name": "Gather Victim Host Information: Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.003", "attack-object-name": "Gather Victim Host Information: Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.004", "attack-object-name": "Gather Victim Host Information: Client Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.004", "attack-object-name": "Gather Victim Host Information: Client Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593", "attack-object-name": "Search Open Websites/Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593", "attack-object-name": "Search Open Websites/Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1593.001", "attack-object-name": "Search Open Websites/Domains: Social Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593.001", "attack-object-name": "Search Open Websites/Domains: Social Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593.002", "attack-object-name": "Search Open Websites/Domains: Search Engines", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1593.002", "attack-object-name": "Search Open Websites/Domains: Search Engines", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1594", "attack-object-name": "Search Victim-Owned Websites", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1594", "attack-object-name": "Search Victim-Owned Websites", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596", "attack-object-name": "Search Open Technical Databases", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596", "attack-object-name": "Search Open Technical Databases", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.001", "attack-object-name": "Search Open Technical Databases: DNS/Passive DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.001", "attack-object-name": "Search Open Technical Databases: DNS/Passive DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.002", "attack-object-name": "Search Open Technical Databases: WHOIS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.002", "attack-object-name": "Search Open Technical Databases: WHOIS", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.003", "attack-object-name": "Search Open Technical Databases: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.003", "attack-object-name": "Search Open Technical Databases: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.004", "attack-object-name": "Search Open Technical Databases: CDNs", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.004", "attack-object-name": "Search Open Technical Databases: CDNs", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.005", "attack-object-name": "Search Open Technical Databases: Scan Databases", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1596.005", "attack-object-name": "Search Open Technical Databases: Scan Databases", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597", "attack-object-name": "Search Closed Sources", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597", "attack-object-name": "Search Closed Sources", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597.001", "attack-object-name": "Search Closed Sources: Threat Intel Vendors", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597.001", "attack-object-name": "Search Closed Sources: Threat Intel Vendors", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597.002", 
"attack-object-name": "Search Closed Sources: Purchase Technical Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1597.002", "attack-object-name": "Search Closed Sources: Purchase Technical Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "Data from Configuration Repository: SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Data from Configuration Repository: Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1614", "attack-object-name": "System Location Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Footprinting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire 
Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP Response Splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session fixation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Man in the Browser", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Routing detour", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "Man-in-the-Middle: LLMNR/NBT-NS Poisoning and Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "Man-in-the-Middle: ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Pass-the-hash", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": 
"Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": 
"Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.3rd party desktop", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Remote injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic 
Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAT", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Container Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Download by malware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric 
Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Services: Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Services: Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1021.002", "attack-object-name": "Remote Services: SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "Remote Services: SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Remote Services: Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Remote Services: Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "Remote Services: SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "Remote Services: SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "Remote Services: VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "Remote Services: VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Remote Services: Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Remote Services: Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Valid Accounts: Default Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Valid Accounts: Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Valid Accounts: Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Valid Accounts: Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Access Token Manipulation: Token Impersonation/Theft", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Access Token Manipulation: Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Access Token Manipulation: Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.004", "attack-object-name": "Access Token Manipulation: Parent PID Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "Access Token Manipulation: SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Use Alternate Authentication Material: Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen 
creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Use Alternate Authentication Material: Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Use Alternate Authentication Material: Web Session Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Steal or Forge Kerberos Tickets: Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Steal or Forge Kerberos Tickets: Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Steal or Forge Kerberos Tickets: Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586", "attack-object-name": "Compromise Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": 
"Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.002", "attack-object-name": "Compromise Account: Email Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Virtual machine escape", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML external entities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML injection", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1010", "attack-object-name": "Application Window Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XPath injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1010", "attack-object-name": "Application Window Discovery", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583", "attack-object-name": "Acquire Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583", "attack-object-name": "Acquire Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - download", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS 
Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - download", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise 
Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Compromised server", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1584.003", "attack-object-name": "Compromise Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.003", "attack-object-name": "Compromise Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Compromised server", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.003", "attack-object-name": "Compromise Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.004", "attack-object-name": "Compromise Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.004", "attack-object-name": "Compromise Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Compromised server", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.004", "attack-object-name": "Compromise Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.006", "attack-object-name": "Compromise Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.006", "attack-object-name": "Compromise Infrastructure: Web Services", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.006", "attack-object-name": "Compromise Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587", "attack-object-name": "Develop Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587", "attack-object-name": "Develop Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Payload", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.002", "attack-object-name": "Develop Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.002", "attack-object-name": "Develop Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.003", "attack-object-name": "Develop Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.003", "attack-object-name": "Develop Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", 
"attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit Kits", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Payload", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain 
Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.002", "attack-object-name": "Obtain Capabilities: Tool", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.003", "attack-object-name": "Obtain Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.003", "attack-object-name": "Obtain Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Obtain Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Obtain Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit Kits", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.006", "attack-object-name": "Obtain Capabilities: Vulnerabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.006", "attack-object-name": "Obtain Capabilities: Vulnerabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundry Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Boundry Bridging: Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1606.001", "attack-object-name": "Forge Web Credentials: Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "Forge Web Credentials: SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", 
"attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Hypervisor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Inter-tenant", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Physical access", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Proxy: Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "Proxy: External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Proxy: Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.004", 
"attack-object-name": "Proxy: Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Web Service: Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Web Service: Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "Web Service: One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Data Encoding: Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Data Encoding: Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.001", "attack-object-name": "Dynamic Resolution: Fast Flux DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.003", "attack-object-name": "Dynamic Resolution: 
DNS Calculation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.001", "attack-object-name": "Input Capture: Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "Input Capture: GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Input Capture: Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Spyware/Keylogger", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1113", "attack-object-name": 
"Screen Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Email Collection: Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Email Collection: Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1123", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1125", "attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": 
"Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1207", "attack-object-name": "Rogue Domain Controller", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1217", "attack-object-name": "Browser Bookmark Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored 
data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1039", "attack-object-name": "Data from Network Shared Drive", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Data from Information Repositories: Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Data from Information Repositories: Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage Object", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Click fraud", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Click fraud and cryptocurrency mining", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Cryptocurrency mining", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Indicator Removal on Host: Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Indicator Removal on Host: Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Indicator Removal on Host: Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Indicator Removal on Host: Clear 
Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Indicator Removal on Host: Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.004", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.005", "attack-object-name": "Indicator Removal on Host: Network Share Connection Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.006", "attack-object-name": "Indicator Removal on Host: Timestomp", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.001", 
"attack-object-name": "Disk Wipe: Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1006", "attack-object-name": "Direct Volume Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.001", "attack-object-name": "Obfuscated Files or Information: Binary Padding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Obfuscated Files or Information: Software Packaging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.003", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.004", "attack-object-name": "Obfuscated Files or Information: Compile After Dilevery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable 
controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.005", "attack-object-name": "Obfuscated Files or Information: Indicator Removal from Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Masquerading: Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Forgery", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Masquerading: Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Masquerading: Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.004", "attack-object-name": "Masquerading: Masquerade Task or Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Masquerading: Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.006", "attack-object-name": "Masquerading: Space after Filename", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "File and Directory Permissions Modification: Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.001", "attack-object-name": "Virtualization/Sandbox Evasion: System Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.002", "attack-object-name": "Virtualization/Sandbox Evasion: User Activity Based Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.003", "attack-object-name": "Virtualization/Sandbox Evasion: Time Based Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Contols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Subvert Trust Contols: Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.002", "attack-object-name": "Subvert Trust Contols: Code Signing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "Subvert Trust Contols: SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Subvert Trust Contols: Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Subvert Trust Contols: Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Subvert Trust Contols: Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Impair Defenses: Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.002", 
"attack-object-name": "Impair Defenses: Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Defenses: Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Impair Defenses: Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Impair Defenses: Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Impair Defenses: Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Impair Defenses: Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "Hijack Execution Flow: COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600.001", "attack-object-name": "Weaken Encryption: Reduce Key Space", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600.002", "attack-object-name": "Weaken Encryption: Disable Crypto Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Modify System Image: Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Modify System Image: Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Automated Exfiltration: Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over 
Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration Over Physical Medium: Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074.001", "attack-object-name": "Data Staged: Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074.002", "attack-object-name": "Data Staged: Remote Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive Collected Data: Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.002", "attack-object-name": "Archive Collected Data: Archive via Library", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.003", "attack-object-name": "Archive Collected Data: Archive via Custom Method", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Process Injection: Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Process Injection: Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Process Injection: Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Process Injection: Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Process Injection: Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": 
"Process Injection: Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Process Injection: Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Process Injection: Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Injection: Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Injection: Process Doppelganging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "Process Injection: VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1115", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Packet sniffer", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": "Network 
Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Unsecured Credentials: Credentials in Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Unsecured Credentials: Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Unsecured Credentials: Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Unsecured Credentials: Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Unsecured Credentials: Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Unsecured Credentials: Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Password Stores: Credentials from Web Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Credentials from Password Stores: Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Credentials from Password Stores: Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "Pre-OS Boot: System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.002", "attack-object-name": "Pre-OS Boot: Component Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Pre-OS Boot: Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "Pre-OS Boot: ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.005", "attack-object-name": "Pre-OS Boot: TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1016", "attack-object-name": "System Network Configuration Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1016.001", "attack-object-name": "System Network Configuration Discovery: Internet Connection Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote 
System Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.001", "attack-object-name": "Active Scanning: Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.001", "attack-object-name": "Active Scanning: Scanning IP Blocks", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Data Obfuscation: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Data Obfuscation: Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.001", "attack-object-name": "Stage Capabilities: Upload Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.001", "attack-object-name": "Stage Capabilities: Upload Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.002", "attack-object-name": "Stage Capabilities: Upload Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1608.002", "attack-object-name": "Stage Capabilities: Upload Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.003", "attack-object-name": "Stage Capabilities: Install Digital Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.003", "attack-object-name": "Stage Capabilities: Install Digital Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.004", "attack-object-name": "Stage Capabilities: Drive-by Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.004", "attack-object-name": "Stage Capabilities: Drive-by Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.005", "attack-object-name": "Stage Capabilities: Link Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Instant messaging", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": 
"Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Phishing: Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Phishing: Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585", "attack-object-name": "Establish Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585", "attack-object-name": "Establish Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.001", "attack-object-name": "Establish Accounts: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.001", "attack-object-name": "Establish Accounts: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.002", "attack-object-name": "Establish Accounts: Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.002", "attack-object-name": "Establish Accounts: Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.001", "attack-object-name": "Event Triggered Execution: Change Default File Association", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Event Triggered Execution Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1546.003", "attack-object-name": "Event Triggered Execution: Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Event Triggered Execution: Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.005", "attack-object-name": "Event Triggered Execution: Trap", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "Event Triggered Execution: LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.007", "attack-object-name": "Event Triggered Execution: Netsh Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Event Triggered Execution: Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "Event Triggered Execution: AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "Event Triggered 
Execution: AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Event Triggered Execution: Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.012", "attack-object-name": "Event Triggered Execution: Image File Execution Options Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "Event Triggered Execution: PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Event Triggered Execution: Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.015", "attack-object-name": "Event Triggered Execution: Component Object Model Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Create Account: Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Create Account: Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Create Account: Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Defacement: Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "Defacement: External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Boot or Logon Initialization Scripts: Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Boot or Logon Initialization Scripts: Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Boot or Logon Initialization Scripts: Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.004", 
"attack-object-name": "Boot or Logon Initialization Scripts: RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Boot or Logon Initialization Scripts: Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484.001", "attack-object-name": "Domain Policy Modification: Group Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484.002", "attack-object-name": "Domain Policy Modification: Domain Trust Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.001", "attack-object-name": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Boot or Logon Autostart Execution: Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.003", 
"attack-object-name": "Boot or Logon Autostart Execution: Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Boot or Logon Autostart Execution: Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.005", "attack-object-name": "Boot or Logon Autostart Execution: Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Boot or Logon Autostart Execution: Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Boot or Logon Autostart Execution: Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "Boot or Logon Autostart Execution: LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Boot or Logon Autostart Execution: Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1547.010", "attack-object-name": "Boot or Logon Autostart Execution: Port Monitors", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.011", "attack-object-name": "Boot or Logon Autostart Execution: Plist Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Boot or Logon Autostart Execution: Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "Boot or Logon Autostart Execution: XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Modify Authentication Process: Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.001", 
"attack-object-name": "Modify Authentication Process: Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Modify Authentication Process: Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Modify Authentication Process: Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Modify Authentication Process: Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Modify Authentication Process: Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Data Manipulation: Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Data 
Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Data Manipulation: Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Account Manipulation: Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Account Manipulation: Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Account Manipulation: Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.004", "attack-object-name": "Account Manipulation: SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.014", "attack-object-name": "Boot or Logon Autostart Execution: Active Setup", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "attribute.integrity.variety.Repurpose", "mapping-type": "related-to"}]}
diff --git a/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-enterprise.json b/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-enterprise.json
index 194d26c6..81dad1bc 100644
--- a/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-enterprise.json
+++ b/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-enterprise.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": "2.0", "attack-version": "12.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "VERIS Framework", "mapping-framework-version": "1.3.7"}, "attack-objects": [{"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Direct install", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "Scheduled Task/Job: At", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of 
functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Scheduled Task/Job: Cron", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task/Job: Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Scheduled Task/Job: Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Scheduled Task/Job: Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.OS commanding", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "Command and Scripting Interpreter: PowerShell", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "Command and Scripting Interpreter: PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.OS commanding", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.OS commanding", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.OS commanding", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Command and Scripting Interpreter: Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1059.006", "attack-object-name": "Command and Scripting Interpreter: Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Command and Scripting Interpreter: Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Command and Scripting Interpreter: Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "Tursted Developer Utilities Proxy Execution: MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "Tursted Developer Utilities Proxy Execution: MSBuild", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Application Startup: Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Application Startup: Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Office Application Startup: Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Office Application Startup: Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Office Application Startup: Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "Signed Script Proxy Execution: PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Signed Binary Proxy Execution: Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of 
functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Signed Binary Proxy Execution: Control Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "Signed Binary Proxy Execution: CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "Signed Binary Proxy Execution: InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Signed Binary Proxy Execution: Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Signed Binary Proxy Execution: Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Signed Binary Proxy Execution: Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Signed Binary Proxy Execution: Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.010", 
"attack-object-name": "Signed Binary Proxy Execution: Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Signed Binary Proxy Execution: Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Signed Binary Proxy Execution: Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "System Binary Proxy Execution: Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "System Binary Proxy Execution: MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System 
Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Create or Modify System Process: Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Create or Modify System Process: Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.002", 
"attack-object-name": "Create or Modify System Process: Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Create or Modify System Process: Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAT", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Create or Modify System Process: Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Create or Modify System Process: Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Abuse Elevation Control Mechanism: Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", 
"attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1548.004", "attack-object-name": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Inter-Process Communication: Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Inter-Process Communication: Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide 
Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.001", "attack-object-name": "System Services: Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "System Services: Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "System Services: Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Direct install", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Hypervisor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Inter-tenant", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Modify Cloud Computer Infrastructure: Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.002", 
"attack-object-name": "Modify Cloud Computer Infrastructure: Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Modify Cloud Computer Infrastructure: Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.004", "attack-object-name": "Modify Cloud Computer Infrastructure: Revert Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event 
Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "action.hacking.vector.3rd party desktop", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.VPN", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Remote injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAT", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify 
Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Brute Force: Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Brute Force: Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Offline cracking", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Brute Force: Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Brute Force: Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Brute Force: Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Brute Force: Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Buffer overflow", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.HTTP request smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "Adversary-in-the-Middle: ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Cache poisoning", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "Adversary-in-the-Middle: ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": 
"Adversary-in-the-Middle: ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Cryptanalysis", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Soap array abuse", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML external entities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": 
"Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger 
Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Data Obfuscation: Steganography", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Data Obfuscation: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Data Obfuscation: Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Data Obfuscation: Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Data Encoding: Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Data Encoding: Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Data Encoding: Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Data Encoding: Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Data Encoding: Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Data Encoding: Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Download by malware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.001", "attack-object-name": "Dynamic Resolution: Fast Flux DSN", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.001", "attack-object-name": "Dynamic Resolution: Fast Flux DSN", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.001", 
"attack-object-name": "Dynamic Resolution: Fast Flux DSN", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.003", "attack-object-name": "Dynamic Resolution: DNS Calculation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.003", "attack-object-name": "Dynamic Resolution: DNS Calculation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.003", "attack-object-name": "Dynamic Resolution: DNS Calculation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Traffic Signaling: Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Format string attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Fuzz testing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Insecure deserialization", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Integer overflows", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.LDAP injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.SQLi", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential 
Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session fixation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Hijack Execution Flow: Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Hijack Execution Flow: Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session replay", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "value_chain.development.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session fixation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Click fraud", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Click fraud and cryptocurrency mining", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Cryptocurrency mining", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML injection", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Routing detour", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "Man-in-the-Middle: LLMNR/NBT-NS Poisoning and Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "Man-in-the-Middle: LLMNR/NBT-NS Poisoning and Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Null byte injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Pass-the-hash", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Pass-the-hash", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture 
stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1007", "attack-object-name": "System Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1007", "attack-object-name": "System Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1012", "attack-object-name": "Query Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1012", "attack-object-name": "Query Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1057", "attack-object-name": "Process Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1120", "attack-object-name": "Peripheral Device Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1124", "attack-object-name": "System Time Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480", "attack-object-name": "Execution Guardrails", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480.001", "attack-object-name": "Execution Guardrails: Environmental Keying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480.001", "attack-object-name": "Execution Guardrails: Environmental Keying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1518", "attack-object-name": "Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1518.001", "attack-object-name": "Software Discovery: Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Account Discovery: Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069.001", "attack-object-name": "Permission Groups Discovery: Local Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1614", "attack-object-name": "System Location Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1614.001", "attack-object-name": "System Location Discovery: System Language Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": " Network Sniffing", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": " Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Packet sniffer", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": " Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": " Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.001", "attack-object-name": "Gather Victim Identity Information: Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.002", "attack-object-name": "Gather Victim Identity Information: Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.003", "attack-object-name": "Gather Victim Identity Information: Employee Names", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.001", "attack-object-name": "Gather Victim Network Information: Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.002", "attack-object-name": "Gather Victim Network Information: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.003", "attack-object-name": "Gather Victim Network Information: Network Trust Dependencies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.004", 
"attack-object-name": "Gather Victim Network Information: Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.005", "attack-object-name": "Gather Victim Network Information: IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.006", "attack-object-name": "Gather Victim Network Information: Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592", "attack-object-name": "Gather Victim Host Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.001", "attack-object-name": "Gather Victim Host Information: Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.002", "attack-object-name": "Gather Victim Host Information: Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.003", "attack-object-name": "Gather Victim Host Information: Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.004", "attack-object-name": "Gather Victim Host Information: Client Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "Data from Configuration Repository: SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "Data from Configuration Repository: SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Data from Configuration Repository: Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": 
"Data from Configuration Repository: Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session prediction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Forge Web Credentials: Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session prediction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Forge Web Credentials: Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Use Alternate Authentication Material:Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session replay", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1550.004", "attack-object-name": "Use Alternate Authentication Material:Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Services: Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Services: Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "Remote Services: SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "Remote Services: SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Remote Services: Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Remote Services: Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "Remote Services: SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "Remote Services: SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "Remote Services: VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "Remote Services: VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Remote Services: Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Remote Services: Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Valid Accounts: Default Accounts", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Valid Accounts: Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Valid Accounts: Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Valid Accounts: Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Access Token Manipulation: Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Access Token Manipulation: Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Access Token Manipulation: Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1134.004", "attack-object-name": "Access Token Manipulation: Parent PID Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "Access Token Manipulation: SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Pass-the-hash", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Use Alternate Authentication Material: Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Use Alternate Authentication Material: Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos 
Tickets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Steal or Forge Kerberos Tickets: Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Steal or Forge Kerberos Tickets: Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Steal or Forge Kerberos Tickets: Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586", "attack-object-name": "Compromise Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1586.002", "attack-object-name": "Compromise Account: Email Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Virtual machine escape", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML external entities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1010", "attack-object-name": "Application Window Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XPath injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1010", "attack-object-name": "Application Window Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583", "attack-object-name": "Acquire Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583", "attack-object-name": "Acquire Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - download", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - download", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.003", "attack-object-name": "Compromise Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.004", "attack-object-name": "Compromise Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.006", "attack-object-name": "Compromise Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587", "attack-object-name": "Develop Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587", "attack-object-name": "Develop Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Payload", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.002", "attack-object-name": "Develop Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.002", "attack-object-name": "Develop Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.003", "attack-object-name": "Develop Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.003", "attack-object-name": "Develop Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit Kits", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Payload", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.002", "attack-object-name": "Obtain Capabilities: Tool", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.003", "attack-object-name": "Obtain Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.003", "attack-object-name": "Obtain Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Obtain Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Obtain Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit Kits", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.006", "attack-object-name": "Obtain Capabilities: Vulnerabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.006", "attack-object-name": "Obtain Capabilities: Vulnerabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundry Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Boundry Bridging: Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "Forge Web Credentials: SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Hypervisor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Inter-tenant", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.social.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Physical access", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Input Capture: Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Input Capture: Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Input Capture: Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer 
Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Proxy: Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Proxy: Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "Proxy: External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "Proxy: External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Proxy: Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Proxy: Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Proxy: Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Proxy: Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Web Service: Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Web Service: Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Web Service: Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Web Service: Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "Web Service: One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "Web Service: One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.001", "attack-object-name": "Input Capture: Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.001", "attack-object-name": "Input Capture: Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "Input Capture: GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "Input Capture: GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Spyware/Keylogger", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Email Collection: Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Email Collection: Local Email Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Email Collection: Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Email Collection: Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1123", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1123", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1125", 
"attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1125", "attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1207", "attack-object-name": "Rogue Domain Controller", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1217", "attack-object-name": "Browser Bookmark Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": 
"OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1039", "attack-object-name": "Data from Network Shared Drive", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1039", "attack-object-name": "Data from Network Shared Drive", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Data from Information Repositories: Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Data from Information Repositories: Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Data from Information Repositories: Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Data from Information Repositories: Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Indicator Removal on Host: Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Indicator Removal on Host: Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Indicator Removal on Host: Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Indicator Removal on Host: Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Indicator Removal on Host: Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.004", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.005", "attack-object-name": "Indicator Removal on Host: Network Share Connection Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.006", "attack-object-name": "Indicator Removal on Host: Timestomp", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Wipe: Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1561.001", "attack-object-name": "Disk Wipe: Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Wipe: Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1006", "attack-object-name": "Direct Volume Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.001", "attack-object-name": "Obfuscated Files or Information: Binary Padding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Obfuscated Files or Information: Software Packaging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.003", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.004", "attack-object-name": "Obfuscated Files or Information: Compile After Dilevery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.005", "attack-object-name": "Obfuscated Files or Information: Indicator Removal from Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Masquerading: Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Forgery", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left 
Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Masquerading: Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Masquerading: Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.004", "attack-object-name": "Masquerading: Masquerade Task or Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Masquerading: Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.006", "attack-object-name": "Masquerading: Space after Filename", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "File and Directory Permissions Modification: Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable 
controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.001", "attack-object-name": "Virtualization/Sandbox Evasion: System Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.002", "attack-object-name": "Virtualization/Sandbox Evasion: User Activity Based Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.003", "attack-object-name": "Virtualization/Sandbox Evasion: Time Based Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Subvert Trust 
Contols: Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.002", "attack-object-name": "Subvert Trust Contols: Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "Subvert Trust Contols: SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Subvert Trust Contols: Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Subvert Trust Contols: Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Subvert Trust Contols: Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Impair Defenses: Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "Hijack Execution Flow: COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600.001", "attack-object-name": "Weaken Encryption: Reduce Key Space", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600.002", "attack-object-name": "Weaken Encryption: Disable Crypto Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Modify System Image: Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Modify System Image: Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Modify System Image: Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Social media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Social media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Social media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": 
"User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Social media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Automated Exfiltration: Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Automated Exfiltration: Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Alternative Protocol: 
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration Over Physical Medium: Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration Over Physical Medium: Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074.001", "attack-object-name": "Data Staged: Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074.002", "attack-object-name": "Data Staged: Remote Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive Collected Data: Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.002", "attack-object-name": "Archive Collected Data: Archive via Library", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.003", "attack-object-name": "Archive Collected Data: Archive via Custom Method", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", 
"attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Process Injection: Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Process Injection: Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Process Injection: Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Process Injection: Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Process Injection: Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Process Injection: Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Process Injection: Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Process Injection: Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Injection: Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Injection: Process Doppelganging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "Process Injection: VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1115", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1115", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Unsecured Credentials: Credentials in Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Unsecured Credentials: Credentials in Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Unsecured Credentials: Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1552.002", "attack-object-name": "Unsecured Credentials: Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Unsecured Credentials: Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Unsecured Credentials: Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Unsecured Credentials: Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Unsecured Credentials: Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Unsecured Credentials: Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Unsecured Credentials: Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Unsecured Credentials: Group Policy Preferences", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Unsecured Credentials: Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Password Stores: Credentials from Web Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Password Stores: Credentials from Web Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Credentials from Password Stores: Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Credentials from Password Stores: Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Credentials from Password Stores: Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Credentials from Password Stores: Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "Pre-OS Boot: System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.002", "attack-object-name": "Pre-OS Boot: Component Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Pre-OS Boot: Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "Pre-OS Boot: ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.005", 
"attack-object-name": "Pre-OS Boot: TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1016", "attack-object-name": "System Network Configuration Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1016.001", "attack-object-name": "System Network Configuration Discovery: Internet Connection Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.001", "attack-object-name": "Active Scanning: Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared 
Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.001", "attack-object-name": "Stage Capabilities: Upload Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.002", "attack-object-name": "Stage Capabilities: Upload Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.003", "attack-object-name": "Stage Capabilities: Install Digital 
Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.004", "attack-object-name": "Stage Capabilities: Drive-by Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.005", "attack-object-name": "Stage Capabilities: Link Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing 
Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Instant messaging", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Phishing: Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Phishing: Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585", "attack-object-name": "Establish Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585", "attack-object-name": "Establish Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.001", "attack-object-name": "Establish Accounts: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.001", "attack-object-name": "Establish Accounts: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.002", "attack-object-name": "Establish Accounts: Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.002", "attack-object-name": "Establish Accounts: Email Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.001", "attack-object-name": "Event Triggered Execution: Change Default File Association", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Event Triggered Execution Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Event Triggered Execution: Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Event Triggered Execution: Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.005", "attack-object-name": "Event Triggered Execution: Trap", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "Event Triggered Execution: LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.007", "attack-object-name": "Event Triggered Execution: Netsh Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Event Triggered Execution: Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "Event Triggered Execution: AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "Event Triggered Execution: AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Event Triggered Execution: Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.012", "attack-object-name": "Event Triggered Execution: Image File Execution Options Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "Event Triggered Execution: PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Event Triggered Execution: Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1546.015", "attack-object-name": "Event Triggered Execution: Component Object Model Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Create Account: Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Create Account: Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Create Account: Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Defacement: Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Defacement: Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "Defacement: External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "Defacement: External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Boot or Logon Initialization Scripts: Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Boot or Logon Initialization Scripts: Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Boot or Logon Initialization Scripts: Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Boot or Logon Initialization Scripts: RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Boot or Logon Initialization Scripts: Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484.001", "attack-object-name": "Domain Policy Modification: Group Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484.002", "attack-object-name": "Domain Policy Modification: Domain Trust Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.001", "attack-object-name": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Boot or Logon Autostart Execution: Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Boot or Logon Autostart Execution: Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Boot or Logon Autostart Execution: Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1547.005", "attack-object-name": "Boot or Logon Autostart Execution: Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Boot or Logon Autostart Execution: Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Boot or Logon Autostart Execution: Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "Boot or Logon Autostart Execution: LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Boot or Logon Autostart Execution: Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.010", "attack-object-name": "Boot or Logon Autostart Execution: Port Monitors", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Boot or Logon Autostart Execution: Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "Boot or Logon Autostart Execution: XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Modify Authentication Process: Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Modify Authentication Process: Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Modify Authentication Process: Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Modify Authentication Process: Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Modify Authentication Process: Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Modify Authentication Process: Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Data Manipulation: Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Data Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Data Manipulation: Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Account Manipulation: Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Account Manipulation: Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Account Manipulation: Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1098.004", "attack-object-name": "Account Manipulation: SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.014", "attack-object-name": "Boot or Logon Autostart Execution: Active Setup", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Repurpose", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Event Triggered Execution: Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Unsecured Credentials: Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}]} \ No newline at end of file +{"metadata": {"mapping-version": "2.0", "attack-version": "12.1", "technology-domain": "enterprise", "author": "", "contact": "", "creation-date": 
"02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "VERIS Framework", "mapping-framework-version": "1.3.7"}, "attack-objects": [{"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1047", "attack-object-name": "Windows Management Instrumentation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Direct install", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.002", "attack-object-name": "Scheduled Task/Job: At", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.003", "attack-object-name": "Scheduled Task/Job: Cron", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.005", "attack-object-name": "Scheduled Task/Job: Scheduled Task", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.006", "attack-object-name": "Scheduled Task/Job: Systemd Timers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1053.007", "attack-object-name": "Scheduled Task/Job: Container Orchestration Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.OS commanding", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.001", "attack-object-name": "Command and Scripting Interpreter: PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1059.001", "attack-object-name": "Command and Scripting Interpreter: PowerShell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.OS commanding", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.002", "attack-object-name": "Command and Scripting Interpreter: AppleScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.OS commanding", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.003", "attack-object-name": "Command and Scripting Interpreter: Windows Command Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting 
Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.OS commanding", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.004", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.005", "attack-object-name": "Command and Scripting Interpreter: Visual Basic", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Command and Scripting Interpreter: Python", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.006", "attack-object-name": "Command and Scripting Interpreter: Python", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.007", "attack-object-name": "Command and Scripting Interpreter: JavaScript", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Command and Scripting Interpreter: Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1059.008", "attack-object-name": "Command and Scripting Interpreter: Network Device CLI", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": 
"Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1072", "attack-object-name": "Software Deployment Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1106", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1112", "attack-object-name": "Modify Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127", "attack-object-name": "Trusted Developer Utilities Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "Tursted Developer Utilities Proxy Execution: MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1127.001", "attack-object-name": "Tursted Developer Utilities Proxy Execution: MSBuild", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1129", "attack-object-name": "Shared Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137", "attack-object-name": "Office Application Startup", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.001", "attack-object-name": "Office Application Startup: Office Template Macros", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.002", "attack-object-name": "Office Application Startup: Office Test", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.003", "attack-object-name": "Office Application Startup: Outlook Forms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.004", "attack-object-name": "Office Application Startup: Outlook Home Page", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1137.005", "attack-object-name": "Office Application Startup: Outlook Rules", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1187", "attack-object-name": "Forced Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1202", "attack-object-name": "Indirect Command Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1216", "attack-object-name": "Signed Script Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1216.001", "attack-object-name": "Signed Script Proxy Execution: PubPrn", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218", "attack-object-name": "Signed Binary Proxy Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.001", "attack-object-name": "Signed Binary Proxy Execution: Compiled HTML File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.002", "attack-object-name": "Signed Binary Proxy Execution: Control 
Panel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.003", "attack-object-name": "Signed Binary Proxy Execution: CMSTP", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.004", "attack-object-name": "Signed Binary Proxy Execution: InstallUtil", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.005", "attack-object-name": "Signed Binary Proxy Execution: Mshta", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.007", "attack-object-name": "Signed Binary Proxy Execution: Msiexec", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.008", "attack-object-name": "Signed Binary Proxy Execution: Odbcconf", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.009", "attack-object-name": "Signed Binary Proxy Execution: Regsvcs/Regasm", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.010", "attack-object-name": "Signed Binary Proxy Execution: Regsvr32", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of 
functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.011", "attack-object-name": "Signed Binary Proxy Execution: Rundll32", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.012", "attack-object-name": "Signed Binary Proxy Execution: Verclsid", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.013", "attack-object-name": "System Binary Proxy Execution: Mavinject", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1218.014", "attack-object-name": "System Binary Proxy Execution: MMC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1220", "attack-object-name": "XSL Script Processing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.001", "attack-object-name": "Server Software 
Component: SQL Stored Procedures", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.002", "attack-object-name": "Server Software Component: Transport Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1529", "attack-object-name": "System Shutdown/Reboot", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543", "attack-object-name": "Create or Modify System Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Create or Modify System Process: Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.001", "attack-object-name": "Create or Modify System Process: Launch Agent", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Create or Modify System Process: Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.002", "attack-object-name": "Create or Modify System Process: Systemd Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAT", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.003", "attack-object-name": "Create or Modify System Process: Windows Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Create or Modify System Process: Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1543.004", "attack-object-name": "Create or Modify System Process: Launch Daemon", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547", "attack-object-name": "Boot or Logon Autostart Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.001", "attack-object-name": "Abuse Elevation Control Mechanism: Setuid and Setgid", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.002", "attack-object-name": "Abuse Elevation Control Mechanism: Bypass User Account Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.003", "attack-object-name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1548.004", "attack-object-name": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559", "attack-object-name": "Inter-Process Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559.001", "attack-object-name": "Inter-Process Communication: Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1559.002", "attack-object-name": "Inter-Process Communication: Dynamic Data Exchange", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563", "attack-object-name": "Remote Service Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", 
"attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.001", "attack-object-name": "Remote Service Session Hijacking: SSH Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1563.002", "attack-object-name": "Remote Service Session Hijacking: RDP Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1564", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.001", "attack-object-name": "Hide Artifacts: Hidden Files and Directories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.002", "attack-object-name": "Hide Artifacts: Hidden Users", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.003", "attack-object-name": "Hide Artifacts: Hidden Window", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.004", "attack-object-name": "Hide Artifacts: NTFS File Attributes", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.005", "attack-object-name": "Hide Artifacts: Hidden File System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": 
"Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.006", "attack-object-name": "Hide Artifacts: Run Virtual Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1564.007", "attack-object-name": "Hide Artifacts: VBA Stomping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569", "attack-object-name": "System Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.001", 
"attack-object-name": "System Services: Launchctl", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "System Services: Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1569.002", "attack-object-name": "System Services: Service Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Direct install", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Hypervisor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578", "attack-object-name": "Modify Cloud Computer Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Inter-tenant", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.001", "attack-object-name": "Modify Cloud Computer Infrastructure: Create Snapshot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.002", "attack-object-name": "Modify Cloud Computer Infrastructure: Create Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.003", "attack-object-name": "Modify Cloud Computer Infrastructure: Delete Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1578.004", "attack-object-name": "Modify Cloud Computer Infrastructure: Revert Cloud Instance", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1609", "attack-object-name": "Container Administration Command", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098", "attack-object-name": "Account Manipulation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1554", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136", "attack-object-name": "Create Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.3rd party desktop", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", 
"attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.VPN", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Remote injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1133", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAT", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1525", "attack-object-name": "Implant Internal Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556", "attack-object-name": "Modify Authentication Process", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify 
privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110", "attack-object-name": "Brute Force", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Brute Force: Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.001", "attack-object-name": "Brute Force: Password Guessing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", 
"attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Offline cracking", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.002", "attack-object-name": "Brute Force: Password Cracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Brute Force: Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.003", "attack-object-name": "Brute Force: Password Spraying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Brute Force: Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1110.004", "attack-object-name": "Brute Force: Credential Stuffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Buffer overflow", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request smuggling", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1203", "attack-object-name": "Exploitation for Client Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "Adversary-in-the-Middle: ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Cache poisoning", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "Adversary-in-the-Middle: ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.002", "attack-object-name": "Adversary-in-the-Middle: ARP Cache Poisoning", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Cryptanalysis", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600", "attack-object-name": "Weaken Encryption", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.001", 
"attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.001", "attack-object-name": "Disable or Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.002", "attack-object-name": "Disable Windows Event Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.003", "attack-object-name": "Impair Command History Logging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.004", "attack-object-name": "Disable or Modify System Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.007", "attack-object-name": "Disable or Modify Cloud Firewall", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.008", "attack-object-name": "Disable Cloud Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1489", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.001", "attack-object-name": "Network Denial of Service: Direct Network Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", 
"attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1498.002", "attack-object-name": "Network Denial of Service: Reflection Amplification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Soap array abuse", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML external entities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1499", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.001", "attack-object-name": "Endpoint Denial of Service: OS Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.002", "attack-object-name": "Endpoint Denial of Service: Service Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.003", "attack-object-name": "Endpoint Denial of Service: Application Exhaustion Flood", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1499.004", "attack-object-name": "Endpoint Denial of Service: Application or System Exploitation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.005", "attack-object-name": "Acquire Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.005", "attack-object-name": "Compromise Infrastructure: Botnet", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1622", "attack-object-name": "Debugger Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1211", "attack-object-name": "Exploitation for Defense Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1014", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001", "attack-object-name": "Data Obfuscation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.001", "attack-object-name": "Data Obfuscation: Junk Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Data Obfuscation: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1001.002", "attack-object-name": "Data Obfuscation: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Data Obfuscation: Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1001.003", "attack-object-name": "Data Obfuscation: Protocol Impersonation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132", "attack-object-name": "Data Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Data Encoding: Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Data Encoding: Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.001", "attack-object-name": "Data Encoding: Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Data Encoding: Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.002", "attack-object-name": "Data Encoding: Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1132.002", 
"attack-object-name": "Data Encoding: Non-Standard Encoding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568", "attack-object-name": "Dynamic Resolution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Download by malware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.001", "attack-object-name": "Dynamic Resolution: Fast Flux DSN", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.001", "attack-object-name": "Dynamic Resolution: Fast Flux DSN", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.001", "attack-object-name": "Dynamic Resolution: Fast Flux DSN", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.002", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.003", "attack-object-name": "Dynamic Resolution: DNS Calculation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.003", "attack-object-name": "Dynamic Resolution: DNS Calculation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1568.003", "attack-object-name": "Dynamic Resolution: DNS Calculation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": 
"Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573", "attack-object-name": "Encrypted Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.002", "attack-object-name": "Encrypted Channels: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.001", "attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1573.001", 
"attack-object-name": "Encrypted Channels: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1008", "attack-object-name": "Fallback Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1104", "attack-object-name": "Multi-Stage Channels", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1572", "attack-object-name": "Protocol Tunneling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090", "attack-object-name": "Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": 
"Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205", "attack-object-name": "Traffic Signaling", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.001", "attack-object-name": "Traffic Signaling: Port Knocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1205.002", "attack-object-name": "Traffic Signaling: Socket Filters", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Format string attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Fuzz testing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Insecure deserialization", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Integer overflows", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.LDAP injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1068", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1190", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.SQLi", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session fixation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1212", "attack-object-name": "Exploitation for Credential Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.004", "attack-object-name": "Steal or Forge Kerberos Tickets: AS-REP Roasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.001", "attack-object-name": "Hijack Execution Flow: DLL Search Order Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.002", "attack-object-name": "Hijack Execution Flow: DLL Side-Loading", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.005", "attack-object-name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.010", "attack-object-name": "Hijack Execution Flow: Services File Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.011", "attack-object-name": "Hijack Execution Flow: Services Registry Permissions Weakness", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.004", "attack-object-name": "Hijack Execution Flow: Dylib Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.002", "attack-object-name": "Active Scanning: Vulnerability Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session replay", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1539", "attack-object-name": "Steal Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced 
browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.003", "attack-object-name": "Acquire Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.004", "attack-object-name": "Acquire Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Forced browsing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.006", "attack-object-name": "Acquire Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "value_chain.development.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP request splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response smuggling", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.HTTP response splitting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session fixation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1185", "attack-object-name": "Browser Session Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Click fraud", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Click fraud and cryptocurrency mining", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Cryptocurrency mining", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1496", "attack-object-name": "Resource Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML injection", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Routing detour", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557", "attack-object-name": "Man-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "Man-in-the-Middle: LLMNR/NBT-NS Poisoning and Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.001", "attack-object-name": "Man-in-the-Middle: LLMNR/NBT-NS Poisoning and Relay", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Null byte injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", 
"attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Pass-the-hash", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Pass-the-hash", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.002", "attack-object-name": "Use Alternate Authentication Material: Pass the Hash", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1082", "attack-object-name": "System Information Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1033", "attack-object-name": "System Owner/User Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1007", "attack-object-name": "System Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1007", "attack-object-name": "System Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1012", "attack-object-name": "Query Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1012", "attack-object-name": "Query Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1083", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1057", 
"attack-object-name": "Process Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1120", "attack-object-name": "Peripheral Device Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1124", "attack-object-name": "System Time Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1201", "attack-object-name": "Password Policy Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1119", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480.001", "attack-object-name": "Execution Guardrails: Environmental Keying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1480.001", "attack-object-name": "Execution Guardrails: Environmental Keying", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1518", "attack-object-name": "Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1518.001", "attack-object-name": "Software Discovery: Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087", "attack-object-name": "Account Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1087.001", "attack-object-name": "Account Discovery: Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069", "attack-object-name": "Permission Groups Discovery", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1069.001", "attack-object-name": "Permission Groups Discovery: Local Groups", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1614", "attack-object-name": "System Location Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1614.001", "attack-object-name": "System Location Discovery: System Language Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1046", "attack-object-name": "Network Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1135", "attack-object-name": "Network Share Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": " Network Sniffing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": " Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Packet sniffer", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": " Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1040", "attack-object-name": " Network Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1018", "attack-object-name": "Remote System Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1049", "attack-object-name": "System Network Connections Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589", "attack-object-name": "Gather Victim Identity Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.001", "attack-object-name": "Gather Victim Identity Information: Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.002", "attack-object-name": "Gather Victim Identity Information: Email Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1589.003", "attack-object-name": "Gather Victim Identity Information: Employee Names", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590", "attack-object-name": "Gather Victim Network Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.001", "attack-object-name": "Gather Victim Network Information: Domain Properties", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.002", "attack-object-name": "Gather Victim Network Information: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.003", "attack-object-name": "Gather Victim Network Information: Network Trust Dependencies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.004", "attack-object-name": "Gather Victim Network 
Information: Network Topology", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.005", "attack-object-name": "Gather Victim Network Information: IP Addresses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1590.006", "attack-object-name": "Gather Victim Network Information: Network Security Appliances", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592", "attack-object-name": "Gather Victim Host Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.001", "attack-object-name": "Gather Victim Host Information: Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.002", "attack-object-name": "Gather Victim Host Information: Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.003", "attack-object-name": "Gather Victim Host Information: Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1592.004", "attack-object-name": "Gather Victim Host Information: Client Configurations", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1613", "attack-object-name": "Container and Resource Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602", "attack-object-name": "Data from Configuration Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "Data from Configuration Repository: SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.001", "attack-object-name": "Data from Configuration Repository: SNMP (MIB Dump)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Data from Configuration Repository: Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1602.002", "attack-object-name": "Data from Configuration Repository: 
Network Device Configuration Dump", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1526", "attack-object-name": "Cloud Service Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1580", "attack-object-name": "Cloud Infrastructure Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session prediction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606", "attack-object-name": "Forge Web Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Forge Web Credentials: Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session prediction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.001", "attack-object-name": "Forge Web Credentials: Web Cookies", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.004", "attack-object-name": "Use Alternate Authentication Material:Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Session replay", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.004", 
"attack-object-name": "Use Alternate Authentication Material:Web Session Cookie", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Services: Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.001", "attack-object-name": "Remote Services: Remote Desktop Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "Remote Services: SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.002", "attack-object-name": "Remote Services: SMB/Windows Admin Shares", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Remote Services: Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.003", "attack-object-name": "Remote Services: Distributed Component Object Model", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "Remote Services: SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.004", "attack-object-name": "Remote Services: SSH", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "Remote Services: VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.005", "attack-object-name": "Remote Services: VNC", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Remote Services: Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1021.006", "attack-object-name": "Remote Services: Windows Remote Management", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.001", "attack-object-name": "Valid Accounts: Default Accounts", "references": [], "tags": 
[], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.002", "attack-object-name": "Valid Accounts: Domain Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.003", "attack-object-name": "Valid Accounts: Local Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1078.004", "attack-object-name": "Valid Accounts: Cloud Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134", "attack-object-name": "Access Token Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.001", "attack-object-name": "Access Token Manipulation: Token Impersonation/Theft", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.002", "attack-object-name": "Access Token Manipulation: Create Process with Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.003", "attack-object-name": "Access Token Manipulation: Make and Impersonate Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1134.004", "attack-object-name": "Access Token Manipulation: Parent PID Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1134.005", "attack-object-name": "Access Token Manipulation: SID-History Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Pass-the-hash", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550", "attack-object-name": "Use Alternate Authentication Material", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.001", "attack-object-name": "Use Alternate Authentication Material: Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1550.003", "attack-object-name": "Use Alternate Authentication Material: Pass the Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558", "attack-object-name": "Steal or Forge Kerberos Tickets", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.001", "attack-object-name": "Steal or Forge Kerberos Tickets: Golden Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.002", "attack-object-name": "Steal or Forge Kerberos Tickets: Silver Ticket", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1558.003", "attack-object-name": "Steal or Forge Kerberos Tickets: Kerberoasting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586", "attack-object-name": "Compromise Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1586.001", "attack-object-name": "Compromise Account: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1586.002", "attack-object-name": "Compromise Account: Email Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1611", "attack-object-name": "Escape to Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Virtual machine escape", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XML external entities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213", "attack-object-name": "Data from Information Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1010", "attack-object-name": "Application Window Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.XPath injection", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1010", "attack-object-name": "Application Window Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1105", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1111", "attack-object-name": "Two-Factor Authentication Interception", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583", "attack-object-name": "Acquire Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583", "attack-object-name": "Acquire Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - download", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.001", "attack-object-name": "Acquire Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1583.002", "attack-object-name": "Acquire Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584", "attack-object-name": "Compromise Infrastructure", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - download", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.001", "attack-object-name": "Compromise Infrastructure: Domains", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1584.002", "attack-object-name": "Compromise Infrastructure: DNS Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.003", "attack-object-name": "Compromise Infrastructure: Virtual Private Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.004", "attack-object-name": "Compromise Infrastructure: Server", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1584.006", "attack-object-name": "Compromise Infrastructure: Web Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587", "attack-object-name": "Develop Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587", "attack-object-name": "Develop Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Payload", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.001", "attack-object-name": "Develop Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.002", "attack-object-name": "Develop Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.002", "attack-object-name": "Develop Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.003", "attack-object-name": "Develop Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.003", "attack-object-name": "Develop Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1587.004", "attack-object-name": "Develop Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit Kits", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588", "attack-object-name": "Obtain Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Bot", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Payload", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.001", "attack-object-name": "Obtain Capabilities: Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.002", "attack-object-name": "Obtain Capabilities: Tool", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.003", "attack-object-name": "Obtain Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.003", "attack-object-name": "Obtain Capabilities: Code Signing Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Obtain Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.004", "attack-object-name": "Obtain Capabilities: Digital Certificates", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.005", "attack-object-name": "Obtain Capabilities: Exploits", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Exploit Kits", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.006", "attack-object-name": "Obtain Capabilities: Vulnerabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1588.006", "attack-object-name": "Obtain Capabilities: Vulnerabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1599", "attack-object-name": "Network Boundry Bridging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1599.001", "attack-object-name": "Network Boundry Bridging: Network Address Translation Traversal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1606.002", "attack-object-name": "Forge Web Credentials: SAML Tokens", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1531", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Desktop sharing software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1219", "attack-object-name": "Remote Access Software", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adminware", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Hypervisor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Inter-tenant", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497", "attack-object-name": "Virtualization/Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Adware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1199", "attack-object-name": "Trusted Relationship", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.002", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1195.003", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.social.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1200", "attack-object-name": "Hardware Additions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Physical access", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Input Capture: Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Input Capture: Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.003", "attack-object-name": "Input Capture: Web Portal Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1095", "attack-object-name": "Non-Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1571", "attack-object-name": "Non-Standard Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505", "attack-object-name": "Server Software Component", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1505.003", "attack-object-name": "Server Software Component: Web Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.002", "attack-object-name": "Application Layer Protocol: File Transfer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.003", "attack-object-name": "Application Layer Protocol: Mail Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1071.004", "attack-object-name": "Application Layer Protocol: DNS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Proxy: Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.001", "attack-object-name": "Proxy: Internal Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "Proxy: External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.002", "attack-object-name": "Proxy: External Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Proxy: Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.003", "attack-object-name": "Proxy: Multi-hop Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Proxy: Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1090.004", "attack-object-name": "Proxy: Domain Fronting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Web Service: Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.001", "attack-object-name": "Web Service: Dead Drop Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Web Service: Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.002", "attack-object-name": "Web Service: Bidirectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "Web Service: One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1102.003", "attack-object-name": "Web Service: One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.001", "attack-object-name": "Input Capture: Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.001", "attack-object-name": "Input Capture: Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "Input Capture: GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.002", "attack-object-name": "Input Capture: GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Spyware/Keylogger", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1056.004", "attack-object-name": "Input Capture: Credential API Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1113", "attack-object-name": "Screen Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114", "attack-object-name": "Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Email Collection: Local Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.001", "attack-object-name": "Email Collection: Local Email Collection", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Email Collection: Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.002", "attack-object-name": "Email Collection: Remote Email Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1114.003", "attack-object-name": "Email Collection: Email Forwarding Rule", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1123", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1123", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1125", 
"attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1125", "attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1176", "attack-object-name": "Browser Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1207", "attack-object-name": "Rogue Domain Controller", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1217", "attack-object-name": "Browser Bookmark Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1528", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": 
"OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.002", "attack-object-name": "OS Credential Dumping: Security Account Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.003", "attack-object-name": "OS Credential Dumping: NTDS", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.006", "attack-object-name": "OS Credential Dumping: DCSync", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.008", "attack-object-name": "OS Credential Dumping: /etc/passwd and /etc/shadow", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1005", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1025", "attack-object-name": "Data from Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1039", "attack-object-name": "Data from Network Shared Drive", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1039", "attack-object-name": "Data from Network Shared Drive", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Data from Information Repositories: Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.001", "attack-object-name": "Data from Information Repositories: Confluence", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Data from Information Repositories: Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.002", "attack-object-name": "Data from Information Repositories: Sharepoint", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1530", "attack-object-name": "Data from Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1221", "attack-object-name": "Template Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Indicator Removal on Host: Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.001", "attack-object-name": "Indicator Removal on Host: Clear Windows Event Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Indicator Removal on Host: Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.002", "attack-object-name": "Indicator Removal on Host: Clear Linux or Mac System Logs", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.003", "attack-object-name": "Indicator Removal on Host: Clear Command History", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.004", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.005", "attack-object-name": "Indicator Removal on Host: Network Share Connection Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1070.006", "attack-object-name": "Indicator Removal on Host: Timestomp", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1485", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1495", "attack-object-name": "Firmware Corruption", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561", "attack-object-name": "Disk Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Wipe: Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1561.001", "attack-object-name": "Disk Wipe: Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.001", "attack-object-name": "Disk Wipe: Disk Content Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1561.002", "attack-object-name": "Disk Wipe: Disk Structure Wipe", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1006", "attack-object-name": "Direct Volume Access", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.001", "attack-object-name": "Obfuscated Files or Information: Binary Padding", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1027.002", "attack-object-name": "Obfuscated Files or Information: Software Packaging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.003", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.004", "attack-object-name": "Obfuscated Files or Information: Compile After Dilevery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1027.005", "attack-object-name": "Obfuscated Files or Information: Indicator Removal from Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.001", "attack-object-name": "Masquerading: Invalid Code Signature", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Forgery", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.002", "attack-object-name": "Masquerading: Right-to-Left 
Override", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Masquerading: Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.003", "attack-object-name": "Masquerading: Rename System Utilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.004", "attack-object-name": "Masquerading: Masquerade Task or Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.005", "attack-object-name": "Masquerading: Match Legitimate Name or Location", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1036.006", "attack-object-name": "Masquerading: Space after Filename", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222", "attack-object-name": "File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222.001", "attack-object-name": "File and Directory Permissions Modification: Windows File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable 
controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1222.002", "attack-object-name": "File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1490", "attack-object-name": "Inhibit System Recovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.001", "attack-object-name": "Virtualization/Sandbox Evasion: System Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.002", "attack-object-name": "Virtualization/Sandbox Evasion: User Activity Based Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1497.003", "attack-object-name": "Virtualization/Sandbox Evasion: Time Based Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.001", "attack-object-name": "Subvert Trust 
Contols: Gatekeeper Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.002", "attack-object-name": "Subvert Trust Contols: Code Signing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.003", "attack-object-name": "Subvert Trust Contols: SIP and Trust Provider Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.004", "attack-object-name": "Subvert Trust Contols: Install Root Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.005", "attack-object-name": "Subvert Trust Contols: Mark-of-the-Web Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1553.006", "attack-object-name": "Subvert Trust Contols: Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1562.006", "attack-object-name": "Impair Defenses: Indicator Blocking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1574.012", "attack-object-name": "Hijack Execution Flow: COR_PROFILER", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600.001", "attack-object-name": "Weaken Encryption: Reduce Key Space", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1600.002", "attack-object-name": "Weaken Encryption: Disable Crypto Hardware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601", "attack-object-name": "Modify System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Modify System Image: Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.001", "attack-object-name": "Modify System Image: Patch System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1601.002", "attack-object-name": "Modify System Image: Downgrade System Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1610", "attack-object-name": "Deploy Container", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Social media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.001", "attack-object-name": "User Execution: Malicious Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Social media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.002", "attack-object-name": "User Execution: Malicious File", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Social media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Downloader", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": "User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1204.003", "attack-object-name": 
"User Execution: Malicious Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Social media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011", "attack-object-name": "Exfiltration Over Other Network Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1011.001", "attack-object-name": "Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020", "attack-object-name": "Automated Exfiltration", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Automated Exfiltration: Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1020.001", "attack-object-name": "Automated Exfiltration: Traffic Duplication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1029", "attack-object-name": "Scheduled Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1030", "attack-object-name": "Data Transfer Size Limits", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1041", "attack-object-name": "Exfiltration Over C2 Channels", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048", "attack-object-name": "Exfiltration Over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.001", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.002", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1048.003", "attack-object-name": "Exfiltration Over Alternative Protocol: 
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052", "attack-object-name": "Exfiltration Over Physical Medium", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration Over Physical Medium: Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1052.001", "attack-object-name": "Exfiltration Over Physical Medium: Exfiltration over USB", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074", "attack-object-name": "Data Staged", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074.001", "attack-object-name": "Data Staged: Local Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1074.002", "attack-object-name": "Data Staged: Remote Data Staging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1197", "attack-object-name": "BITS Jobs", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1537", "attack-object-name": "Transfer Data to Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.001", "attack-object-name": "Archive Collected Data: Archive via Utility", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.002", "attack-object-name": "Archive Collected Data: Archive via Library", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1560.003", "attack-object-name": "Archive Collected Data: Archive via Custom Method", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1567", "attack-object-name": "Exfiltration Over Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.001", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Code Repository", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1567.002", "attack-object-name": "Exfiltration Over Web Service: Exfiltration to Cloud Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", "attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.007", 
"attack-object-name": "OS Credential Dumping: Proc Filesystem", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.001", "attack-object-name": "Process Injection: Dynamic-link Library Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.002", "attack-object-name": "Process Injection: Portable Executable Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.003", "attack-object-name": "Process Injection: Thread Execution Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.004", "attack-object-name": "Process Injection: Asynchronous Procedure Call", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.005", "attack-object-name": "Process Injection: Thread Local Storage", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.008", "attack-object-name": "Process Injection: Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.009", "attack-object-name": "Process Injection: Proc Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.011", "attack-object-name": "Process Injection: Extra Window Memory Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.012", "attack-object-name": "Process Injection: Process Hollowing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.013", "attack-object-name": "Process Injection: Process Doppelganging", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1055.014", "attack-object-name": "Process Injection: VDSO Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1115", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1115", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1557.003", "attack-object-name": "DHCP Spoofing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003", "attack-object-name": "OS Credential Dumping", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.001", "attack-object-name": "OS Credential Dumping: LSASS Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.004", "attack-object-name": "OS Credential Dumping: LSA Secrets", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1003.005", "attack-object-name": "OS Credential Dumping: Cached Domain Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Unsecured Credentials: Credentials in Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.001", "attack-object-name": "Unsecured Credentials: Credentials in Files", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.002", "attack-object-name": "Unsecured Credentials: Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1552.002", "attack-object-name": "Unsecured Credentials: Credentials in Registry", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Unsecured Credentials: Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.003", "attack-object-name": "Unsecured Credentials: Bash History", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Unsecured Credentials: Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.004", "attack-object-name": "Unsecured Credentials: Private Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Unsecured Credentials: Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.005", "attack-object-name": "Unsecured Credentials: Cloud Instance Metadata API", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Unsecured Credentials: Group Policy Preferences", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.006", "attack-object-name": "Unsecured Credentials: Group Policy Preferences", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.RAM scraper", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1555.002", "attack-object-name": "Credentials from Password Stores: Securityd Memory", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Password Stores: Credentials from Web Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.003", "attack-object-name": "Credentials from Password Stores: Credentials from Web Browser", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Credentials from Password Stores: Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.004", "attack-object-name": "Credentials from Password Stores: Windows Credential Manager", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Credentials from Password Stores: Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Password dumper", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1555.005", "attack-object-name": "Credentials from Password Stores: Password Managers", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1486", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542", "attack-object-name": "Pre-OS Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.001", "attack-object-name": "Pre-OS Boot: System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.002", "attack-object-name": "Pre-OS Boot: Component Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.003", "attack-object-name": "Pre-OS Boot: Bootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.004", "attack-object-name": "Pre-OS Boot: ROMMONkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1542.005", 
"attack-object-name": "Pre-OS Boot: TFTP Boot", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1016", "attack-object-name": "System Network Configuration Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1016.001", "attack-object-name": "System Network Configuration Discovery: Internet Connection Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1482", "attack-object-name": "Domain Trust Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595", "attack-object-name": "Active Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1595.001", "attack-object-name": "Active Scanning: Scanning IP Blocks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1080", "attack-object-name": "Taint Shared 
Content", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1091", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1140", "attack-object-name": "Deobfuscate/Decode Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608", "attack-object-name": "Stage Capabilities", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.001", "attack-object-name": "Stage Capabilities: Upload Malware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.002", "attack-object-name": "Stage Capabilities: Upload Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.003", "attack-object-name": "Stage Capabilities: Install Digital 
Certificate", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.004", "attack-object-name": "Stage Capabilities: Drive-by Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1608.005", "attack-object-name": "Stage Capabilities: Link Target", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1612", "attack-object-name": "Build Image on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.001", "attack-object-name": "Phishing: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing 
Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.002", "attack-object-name": "Phishing for Information: Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email link", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1598.003", "attack-object-name": "Phishing for Information: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Instant messaging", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566", "attack-object-name": "Phishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1570", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Network propagation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1092", "attack-object-name": "Communication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1189", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.002", "attack-object-name": "Phishing: Spearphishing Link", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Phishing: Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1566.003", "attack-object-name": "Phishing: Spearphishing via Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598", "attack-object-name": "Phishing for Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1598.001", "attack-object-name": "Phishing for Information: Spearphishing Service", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1534", "attack-object-name": "Internal Spearphishing", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585", "attack-object-name": "Establish Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585", "attack-object-name": "Establish Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.001", "attack-object-name": "Establish Accounts: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.001", "attack-object-name": "Establish Accounts: Social Media Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.002", "attack-object-name": "Establish Accounts: Email Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1585.002", "attack-object-name": "Establish Accounts: Email Account", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "value_chain.development.variety.Persona", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.001", "attack-object-name": "Event Triggered Execution: Change Default File Association", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.002", "attack-object-name": "Event Triggered Execution Screensaver", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.003", "attack-object-name": "Event Triggered Execution: Windows Management Instrumentation Event Subscription", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.004", "attack-object-name": "Event Triggered Execution: Unix Shell Configuration Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.005", "attack-object-name": "Event Triggered Execution: Trap", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.006", "attack-object-name": "Event Triggered Execution: LC_LOAD_DYLIB Addition", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.007", "attack-object-name": "Event Triggered Execution: Netsh Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.008", "attack-object-name": "Event Triggered Execution: Accessibility Features", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.009", "attack-object-name": "Event Triggered Execution: AppCert DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.010", "attack-object-name": "Event Triggered Execution: AppInit DLLs", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.011", "attack-object-name": "Event Triggered Execution: Application Shimming", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.012", "attack-object-name": "Event Triggered Execution: Image File Execution Options Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.013", "attack-object-name": "Event Triggered Execution: PowerShell Profile", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.014", "attack-object-name": "Event Triggered Execution: Emond", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1546.015", "attack-object-name": "Event Triggered Execution: Component Object Model Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.001", "attack-object-name": "Create Account: Local Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.002", "attack-object-name": "Create Account: Domain Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1136.003", "attack-object-name": "Create Account: Cloud Account", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Created account", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491", "attack-object-name": "Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Defacement: Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.001", "attack-object-name": "Defacement: Internal Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "Defacement: External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1491.002", "attack-object-name": "Defacement: External Defacement", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Defacement", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.001", "attack-object-name": "Boot or Logon Initialization Scripts: Logon Script (Windows)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.002", "attack-object-name": "Boot or Logon Initialization Scripts: Logon Script (Mac)", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.003", "attack-object-name": "Boot or Logon Initialization Scripts: Network Logon Script", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.004", "attack-object-name": "Boot or Logon Initialization Scripts: RC Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1037.005", "attack-object-name": "Boot or Logon Initialization Scripts: Startup Items", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1484", "attack-object-name": "Domain Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484.001", "attack-object-name": "Domain Policy Modification: Group Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1484.002", "attack-object-name": "Domain Policy Modification: Domain Trust Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.001", "attack-object-name": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.002", "attack-object-name": "Boot or Logon Autostart Execution: Authentication Package", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.003", "attack-object-name": "Boot or Logon Autostart Execution: Time Providers", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.004", "attack-object-name": "Boot or Logon Autostart Execution: Winlogon Helper DLL", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1547.005", "attack-object-name": "Boot or Logon Autostart Execution: Security Support Provider", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.006", "attack-object-name": "Boot or Logon Autostart Execution: Kernel Modules and Extensions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.007", "attack-object-name": "Boot or Logon Autostart Execution: Re-opened Applications", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.008", "attack-object-name": "Boot or Logon Autostart Execution: LSASS Driver", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.009", "attack-object-name": "Boot or Logon Autostart Execution: Shortcut Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.010", "attack-object-name": "Boot or Logon Autostart Execution: Port Monitors", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.012", "attack-object-name": "Boot or Logon Autostart Execution: Print Processors", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1547.013", "attack-object-name": "Boot or Logon Autostart Execution: XDG Autostart Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Modify Authentication Process: Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.001", "attack-object-name": "Modify Authentication Process: Domain Controller Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Modify Authentication Process: Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.003", "attack-object-name": "Modify Authentication Process: Pluggable Authentication Modules", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Modify Authentication Process: Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1556.004", "attack-object-name": "Modify Authentication Process: Network Device Authentication", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.001", "attack-object-name": "Data Manipulation: Stored Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.002", "attack-object-name": "Data Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1565.003", "attack-object-name": "Data Manipulation: Runtime Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.001", "attack-object-name": "Account Manipulation: Additional Cloud Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.002", "attack-object-name": "Account Manipulation: Exchange Email Delegate Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1098.003", "attack-object-name": "Account Manipulation: Add Office 365 Global Administrator Role", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1098.004", "attack-object-name": "Account Manipulation: SSH Authorized Keys", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1547.014", "attack-object-name": "Boot or Logon Autostart Execution: Active Setup", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1535", "attack-object-name": "Unused/Unsupported Cloud Regions", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Repurpose", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1546.016", "attack-object-name": "Event Triggered Execution: Installer Packages", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1213.003", "attack-object-name": "Code Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552", "attack-object-name": "Unsecured Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1552.007", "attack-object-name": "Unsecured Credentials: Container API", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}]} 
diff --git a/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-ics.json b/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-ics.json
index 9955da48..cf25686a 100644
--- a/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-ics.json
+++ b/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-ics.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": "2.0", "attack-version": "12.1", "technology-domain": "ics", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "VERIS Framework", "mapping-framework-version": "1.3.7"}, "attack-objects": [{"comments": "", "attack-object-id": "T0800", "attack-object-name": "Activate Firmware Update Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0800", "attack-object-name": "Activate Firmware Update Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0800", "attack-object-name": "Activate Firmware Update Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0800", "attack-object-name": "Activate Firmware Update Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Hardware tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0885", "attack-object-name": "Commonly Used Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0871", "attack-object-name": "Execution through API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T0823", "attack-object-name": "Graphical User Interface", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0874", "attack-object-name": "Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0874", "attack-object-name": "Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Weaknesses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0867", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0867", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": 
"Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Misconfigurations", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Weaknesses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0869", "attack-object-name": "Standard Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0869", "attack-object-name": "Standard Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0869", "attack-object-name": "Standard Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0881", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0881", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0881", "attack-object-name": "Service 
Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0853", "attack-object-name": "Scripting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0853", "attack-object-name": "Scripting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0853", "attack-object-name": "Scripting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Vulnerabilities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0883", "attack-object-name": "Internet Accessible Device", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0883", "attack-object-name": "Internet Accessible Device", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0883", "attack-object-name": "Internet Accessible Device", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0883", "attack-object-name": "Internet Accessible Device", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Compromised server", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0835", "attack-object-name": "Manipulate I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0835", "attack-object-name": "Manipulate I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0835", "attack-object-name": "Manipulate I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0831", "attack-object-name": "Manipulation of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0831", "attack-object-name": "Manipulation of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0806", "attack-object-name": "Brute Force I/O", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0858", "attack-object-name": "Change Operating Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0858", "attack-object-name": "Change Operating Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0858", "attack-object-name": "Change Operating Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0813", "attack-object-name": "Denial of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0813", "attack-object-name": "Denial of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0813", "attack-object-name": "Denial of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0814", "attack-object-name": "Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0814", "attack-object-name": "Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0814", "attack-object-name": "Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0815", "attack-object-name": "Denial of View", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0815", "attack-object-name": "Denial of View", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0815", "attack-object-name": "Denial of View", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0878", "attack-object-name": "Alarm Suppression", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0878", "attack-object-name": "Alarm Suppression", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0804", "attack-object-name": "Block Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0804", "attack-object-name": "Block Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0804", "attack-object-name": "Block Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0805", "attack-object-name": "Block Serial COM", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T0805", "attack-object-name": "Block Serial COM", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0805", "attack-object-name": "Block Serial COM", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0820", "attack-object-name": "Exploitation for Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0820", "attack-object-name": "Exploitation for Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0820", "attack-object-name": "Exploitation for Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0820", "attack-object-name": "Exploitation for Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": 
"Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit 
Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Weaknesses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0890", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0890", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0890", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Vulnerabilities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": 
"Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Weaknesses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0830", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0830", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Packet sniffer", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0830", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0830", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0812", "attack-object-name": "Default Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0812", "attack-object-name": "Default Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Default credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0891", "attack-object-name": "Hardcoded Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0891", "attack-object-name": "Hardcoded Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0891", "attack-object-name": "Hardcoded Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Lost or stolen credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0859", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0859", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0859", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Lost or stolen credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0884", "attack-object-name": "Connection Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0884", "attack-object-name": "Connection Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Proxy", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0807", "attack-object-name": "Command-Line Interface", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0887", "attack-object-name": "Wireless Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0887", "attack-object-name": "Wireless Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Packet sniffer", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0887", "attack-object-name": "Wireless Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0887", 
"attack-object-name": "Wireless Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.In-person", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0868", "attack-object-name": "Detect Operating Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0877", "attack-object-name": "I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0877", "attack-object-name": "I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0852", "attack-object-name": "Screen Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0811", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0811", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0811", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Misconfigurations", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0809", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0809", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0882", "attack-object-name": "Theft of Operational Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0882", "attack-object-name": "Theft of Operational Information", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0882", "attack-object-name": "Theft of Operational Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0802", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0802", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0802", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0857", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0857", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0851", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0851", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T0847", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0847", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0847", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0863", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Download by malware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0863", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0863", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Documents", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0863", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Email addresses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Hardware tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"value_chain.distribution.variety.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0849", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0856", "attack-object-name": "Spoof Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0856", "attack-object-name": "Spoof Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0856", "attack-object-name": "Spoof Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0886", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0886", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0803", "attack-object-name": "Block Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T0803", "attack-object-name": "Block Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0836", "attack-object-name": "Modify Parameter", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0836", "attack-object-name": "Modify Parameter", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0821", "attack-object-name": "Modify Controller Tasking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0821", "attack-object-name": "Modify Controller Tasking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0889", "attack-object-name": "Modify Program", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0889", "attack-object-name": "Modify Program", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0873", "attack-object-name": "Project File Infection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0873", 
"attack-object-name": "Project File Infection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0879", "attack-object-name": "Damage to Property", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0826", "attack-object-name": "Loss of Availability", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0827", "attack-object-name": "Loss of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0828", "attack-object-name": "Loss of Productivity and Revenue", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0837", "attack-object-name": "Loss of Protection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0880", "attack-object-name": "Loss of Safety", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0829", "attack-object-name": "Loss of View", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}]} \ No newline at end of file +{"metadata": {"mapping-version": "2.0", "attack-version": "12.1", "technology-domain": "ics", "author": "", "contact": "", 
"creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "VERIS Framework", "mapping-framework-version": "1.3.7"}, "attack-objects": [{"comments": "", "attack-object-id": "T0800", "attack-object-name": "Activate Firmware Update Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0800", "attack-object-name": "Activate Firmware Update Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0800", "attack-object-name": "Activate Firmware Update Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0800", "attack-object-name": "Activate Firmware Update Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Hardware tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0885", "attack-object-name": "Commonly Used Port", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device 
Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0816", "attack-object-name": "Device Restart/Shutdown", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0817", "attack-object-name": "Drive-by Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Website", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0871", "attack-object-name": "Execution through API", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0823", "attack-object-name": "Graphical User Interface", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0874", "attack-object-name": "Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0874", "attack-object-name": "Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Weaknesses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0867", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0867", "attack-object-name": "Lateral Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command 
shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Misconfigurations", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0855", "attack-object-name": "Unauthorized Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Weaknesses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0869", "attack-object-name": "Standard Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0869", "attack-object-name": "Standard Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0869", "attack-object-name": "Standard Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0881", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0881", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0881", "attack-object-name": "Service Stop", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0853", "attack-object-name": "Scripting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0853", "attack-object-name": "Scripting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0853", "attack-object-name": "Scripting", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0822", "attack-object-name": "External Remote Services", "references": 
[], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Vulnerabilities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0883", "attack-object-name": "Internet Accessible Device", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0883", "attack-object-name": "Internet Accessible Device", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0883", "attack-object-name": "Internet Accessible Device", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0883", "attack-object-name": "Internet Accessible Device", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T0848", "attack-object-name": "Rogue Master", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Compromised server", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0835", "attack-object-name": "Manipulate I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0835", "attack-object-name": "Manipulate I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0835", "attack-object-name": "Manipulate I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0831", "attack-object-name": "Manipulation of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0831", "attack-object-name": "Manipulation of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0806", "attack-object-name": "Brute Force I/O", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Brute force", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0858", "attack-object-name": "Change Operating Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0858", "attack-object-name": "Change Operating Mode", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0858", "attack-object-name": "Change Operating Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0813", "attack-object-name": "Denial of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0813", "attack-object-name": "Denial of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0813", "attack-object-name": "Denial of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0814", "attack-object-name": "Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0814", "attack-object-name": "Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0814", "attack-object-name": "Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0815", "attack-object-name": "Denial of View", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T0815", "attack-object-name": "Denial of View", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0815", "attack-object-name": "Denial of View", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0878", "attack-object-name": "Alarm Suppression", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0878", "attack-object-name": "Alarm Suppression", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0804", "attack-object-name": "Block Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0804", "attack-object-name": "Block Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0804", "attack-object-name": "Block Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0805", "attack-object-name": "Block Serial COM", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0805", "attack-object-name": "Block Serial COM", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0805", "attack-object-name": "Block Serial COM", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0820", "attack-object-name": "Exploitation for Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0820", "attack-object-name": "Exploitation for Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0820", "attack-object-name": "Exploitation for Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0820", "attack-object-name": "Exploitation for Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0872", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0819", "attack-object-name": "Exploit Public-Facing Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Weaknesses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0890", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0890", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0890", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Vulnerabilities", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0866", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Weaknesses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0830", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0830", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Packet sniffer", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0830", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0830", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0860", "attack-object-name": "Wireless Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0812", "attack-object-name": "Default Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0812", "attack-object-name": "Default Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Default credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0891", "attack-object-name": "Hardcoded Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0891", "attack-object-name": "Hardcoded Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0891", "attack-object-name": "Hardcoded Credentials", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Lost or stolen credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0859", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0859", "attack-object-name": 
"Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0859", "attack-object-name": "Valid Accounts", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Lost or stolen credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0884", "attack-object-name": "Connection Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0884", "attack-object-name": "Connection Proxy", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Proxy", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0807", "attack-object-name": "Command-Line Interface", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0887", "attack-object-name": "Wireless Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0887", "attack-object-name": "Wireless Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Packet sniffer", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0887", "attack-object-name": "Wireless Sniffing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0887", "attack-object-name": "Wireless Sniffing", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "value_chain.targeting.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.In-person", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0864", "attack-object-name": "Transient Cyber Asset", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0868", "attack-object-name": "Detect Operating Mode", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0877", "attack-object-name": "I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0877", "attack-object-name": "I/O Image", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0852", 
"attack-object-name": "Screen Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0811", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0811", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0811", "attack-object-name": "Data from Information Repositories", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Misconfigurations", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0809", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Destroy data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0809", "attack-object-name": "Data Destruction", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0882", "attack-object-name": "Theft of Operational Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0882", "attack-object-name": "Theft of Operational Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0882", 
"attack-object-name": "Theft of Operational Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0802", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0802", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0802", "attack-object-name": "Automated Collection", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Organizational Information", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0857", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0857", "attack-object-name": "System Firmware", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0851", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Rootkit", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0851", "attack-object-name": "Rootkit", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0847", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0847", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0847", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0863", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Download by malware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0863", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0863", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Documents", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0863", "attack-object-name": "User Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Email attachment", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Phishing", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0865", "attack-object-name": "Spearphishing Attachment", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Email addresses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Hardware tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0862", "attack-object-name": "Supply Chain 
Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0849", "attack-object-name": "Masquerading", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0856", "attack-object-name": "Spoof Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0856", "attack-object-name": "Spoof Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0856", "attack-object-name": "Spoof Reporting Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0886", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0886", "attack-object-name": "Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0803", "attack-object-name": "Block Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0803", "attack-object-name": "Block Command Message", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0836", "attack-object-name": "Modify Parameter", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0836", "attack-object-name": "Modify Parameter", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0821", "attack-object-name": "Modify Controller Tasking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0821", "attack-object-name": "Modify Controller Tasking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0889", "attack-object-name": "Modify Program", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0889", "attack-object-name": "Modify Program", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0873", "attack-object-name": "Project File Infection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0873", "attack-object-name": "Project File Infection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0879", "attack-object-name": "Damage to Property", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0826", "attack-object-name": "Loss of Availability", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0827", "attack-object-name": "Loss of Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0828", "attack-object-name": "Loss of Productivity and Revenue", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0837", "attack-object-name": "Loss of Protection", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0880", "attack-object-name": "Loss of Safety", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T0829", "attack-object-name": "Loss of View", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}]} diff --git a/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-mobile.json b/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-mobile.json index f8bb8d9a..c2a30b0c 100644 
--- a/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-mobile.json
+++ b/src/mappings_explorer/cli/parsed_mappings/veris/1.3.7/parsed_veris-1_3_7-mappings-mobile.json
@@ -1 +1 @@ -{"metadata": {"mapping-version": "2.0", "attack-version": "12.1", "technology-domain": "mobile", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "VERIS Framework", "mapping-framework-version": "1.3.7"}, "attack-objects": [{"comments": "", "attack-object-id": "T1626", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1626", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1626", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1626.001", "attack-object-name": "Abuse Elevation Control Mechanism: Device Administrator Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1626.001", "attack-object-name": "Abuse Elevation Control Mechanism: Device Administrator Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1640", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1640", "attack-object-name": "Account 
Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1640", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1640", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1437", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1437", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1437", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1532", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1532", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623.001", "attack-object-name": 
"Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623.001", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623.001", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1624", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1624", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1624.001", "attack-object-name": "Event Triggered Execution: Broadcast Receivers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1624.001", "attack-object-name": "Event Triggered Execution: Broadcast Receivers", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636", "attack-object-name": "Protected User Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636", "attack-object-name": "Protected User Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636", "attack-object-name": "Protected User Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.001", "attack-object-name": "Protected User Data: Calendar Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.001", "attack-object-name": "Protected User Data: Calendar Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.001", "attack-object-name": "Protected User Data: Calendar Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.002", "attack-object-name": "Protected User Data: Call Log", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.002", "attack-object-name": "Protected User Data: Call Log", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.002", "attack-object-name": "Protected User Data: Call Log", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.003", "attack-object-name": "Protected User Data: Contact List", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.003", "attack-object-name": "Protected User Data: Contact List", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.003", "attack-object-name": "Protected User Data: Contact List", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.004", "attack-object-name": "Protected User Data: SMS Messages", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.004", "attack-object-name": "Protected User Data: SMS Messages", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.004", "attack-object-name": "Protected User Data: SMS Messages", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1603", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1603", "attack-object-name": "Scheduled 
Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1541", "attack-object-name": "Foreground Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.001", "attack-object-name": "Impair Defenses: Prevent Application Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.002", "attack-object-name": "Impair Defenses: Device Lockout", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.002", "attack-object-name": "Impair Defenses: Device Lockout", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.002", "attack-object-name": "Impair Defenses: Device Lockout", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521.001", "attack-object-name": "Encrypted 
Channel: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521.001", "attack-object-name": "Encrypted Channel: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521.002", "attack-object-name": "Encrypted Channel: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521.002", "attack-object-name": "Encrypted Channel: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1642", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1642", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1642", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1642", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1464", "attack-object-name": "Network Denial of Service", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1464", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1464", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1464", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627.001", "attack-object-name": "Execution Guardrails: GeoFencing", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627.001", "attack-object-name": "Execution Guardrails: GeoFencing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627.001", "attack-object-name": "Execution Guardrails: GeoFencing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627.001", "attack-object-name": "Execution Guardrails: GeoFencing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.001", "attack-object-name": "Hide Artifacts: Suppress Application Icon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.001", "attack-object-name": "Hide Artifacts: Suppress Application Icon", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.001", "attack-object-name": "Hide Artifacts: Suppress Application Icon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.002", "attack-object-name": "Hide Artifacts: User Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.002", "attack-object-name": "Hide Artifacts: User Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.002", "attack-object-name": "Hide Artifacts: User Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.001", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.001", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.001", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.001", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.002", "attack-object-name": "Obfuscated Files or Information: Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.002", "attack-object-name": "Obfuscated Files or Information: Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.002", "attack-object-name": "Obfuscated Files or Information: Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.002", "attack-object-name": "Obfuscated Files or Information: Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", 
"attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Fuzz testing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1428", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1428", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1625", "attack-object-name": "Hijack Execution Flow", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1625", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1625.001", "attack-object-name": "System Runtime API Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1625.001", "attack-object-name": "System Runtime API Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635.001", "attack-object-name": "URI Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635.001", "attack-object-name": "URI Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635.001", "attack-object-name": "URI Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1638", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1638", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", 
"mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1426", "attack-object-name": "System Information Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1418", "attack-object-name": "Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1418.001", "attack-object-name": "Software Discovery: Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1424", "attack-object-name": "Process Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1422", "attack-object-name": "System Network Configuration Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1421", "attack-object-name": "System Network Connections Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1423", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1631", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Other", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1631.001", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1577", "attack-object-name": "Compromise Application Executable", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1577", "attack-object-name": "Compromise Application Executable", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1577", "attack-object-name": "Compromise Application Executable", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1577", "attack-object-name": "Compromise Application Executable", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1645", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1645", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1637", "attack-object-name": "Dynamic Resolution ", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1637", 
"attack-object-name": "Dynamic Resolution ", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1637.001", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1637.001", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1481", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1481.001", "attack-object-name": "Web Service: Drop Dead Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1481.002", "attack-object-name": "Web Service: Biderectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1481.003", "attack-object-name": "Web Service: One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.001", "attack-object-name": "Supply Chain 
Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.002", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.002", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.002", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Hardware tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.003", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.003", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1641.001", "attack-object-name": "Data Manipulation: Transmitted Data Manipulation", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1641.001", "attack-object-name": "Data Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1641.001", "attack-object-name": "Data Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1437.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1643", "attack-object-name": "Generate Traffic from Victim", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1643", "attack-object-name": "Generate Traffic from Victim", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1604", "attack-object-name": "Proxy Through Victim", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1604", "attack-object-name": "Proxy Through Victim", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Proxy", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Instant messaging", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.SMS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1429", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1429", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1512", "attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1512", "attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1513", "attack-object-name": "Screen Capture ", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1513", "attack-object-name": "Screen Capture ", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1517", "attack-object-name": "Access Notifications", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1517", "attack-object-name": "Access Notifications", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1517", "attack-object-name": "Access Notifications", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.SMS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1517", "attack-object-name": "Access Notifications", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1634", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1634", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1634.001", 
"attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1634.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1533", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1533", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1420", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1409", "attack-object-name": "Stored Application Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1409", "attack-object-name": "Stored Application Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1633", "attack-object-name": "Virtualization /Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": 
"", "attack-object-id": "T1633.001", "attack-object-name": "Virtualization /Sandbox Evasion: System Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.003", "attack-object-name": "Impair Defenses: Disable of Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.003", "attack-object-name": "Impair Defenses: Disable of Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1632", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1632", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1632.001", "attack-object-name": "Subvert Trust Controls: Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1632.001", "attack-object-name": "Subvert Trust Controls: Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1617", "attack-object-name": "Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1617", "attack-object-name": "Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.001", "attack-object-name": "Indicator Removal on Host: Uninstall Malicious Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.001", "attack-object-name": "Indicator Removal on Host: Uninstall Malicious Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.001", "attack-object-name": "Indicator Removal on Host: Uninstall Malicious Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator 
Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.003", "attack-object-name": "Indicator Removal on Host: Disguise Root/Jailbreak Indicators", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.003", "attack-object-name": "Indicator Removal on Host: Disguise Root/Jailbreak Indicators", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.003", "attack-object-name": "Indicator Removal on Host: Disguise Root/Jailbreak Indicators", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1544", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1544", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1639", "attack-object-name": "Exfiltration over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1639", "attack-object-name": "Exfiltration over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1639.001", "attack-object-name": "Exfiltration over Unencrypted Non-C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1639.001", "attack-object-name": "Exfiltration over Unencrypted Non-C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1646", "attack-object-name": "Exfiltration over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1646", "attack-object-name": "Exfiltration over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1414", "attack-object-name": "Clipboard Data", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1414", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1641", "attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1471", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1471", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1471", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1471", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1417", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Spyware/Keylogger", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1417", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1458", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1458", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1458", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1458", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1407", "attack-object-name": "Download New Code at Runtime", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1407", "attack-object-name": "Download New Code at Runtime", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1456", "attack-object-name": "Drive-By Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1456", "attack-object-name": "Drive-By Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1456", "attack-object-name": "Drive-By Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1461", "attack-object-name": "Lockscreen Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.In-person", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1461", "attack-object-name": "Lockscreen Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1616", "attack-object-name": "Call Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1616", "attack-object-name": "Call Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1616", "attack-object-name": "Call Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Lost or stolen credentials", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1417.001", "attack-object-name": "Input Capture: Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1417.002", "attack-object-name": "Input Capture: GUI Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1430", "attack-object-name": "Location Tracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1430.001", "attack-object-name": "Location Tracking: Remote Device Management Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1430.002", "attack-object-name": "Location Tracking: Impersonate SS7 Nodes", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}]} \ No newline at end of file +{"metadata": {"mapping-version": "2.0", "attack-version": "12.1", "technology-domain": "mobile", "author": "", "contact": "", "creation-date": "02/03/21", "last-update": "10/27/21", "organization": "", "mapping-framework": "VERIS Framework", "mapping-framework-version": "1.3.7"}, "attack-objects": [{"comments": "", "attack-object-id": "T1626", "attack-object-name": "Abuse Elevation Control Mechanism", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1626", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1626", "attack-object-name": "Abuse Elevation Control Mechanism", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1626.001", "attack-object-name": "Abuse Elevation Control Mechanism: Device Administrator Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1626.001", "attack-object-name": "Abuse Elevation Control Mechanism: Device Administrator Permissions", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Client-side attack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1640", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1640", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1640", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1640", "attack-object-name": "Account Access Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1437", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1437", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1437", "attack-object-name": "Application Layer Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1532", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1532", "attack-object-name": "Archive Collected Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor or C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1398", "attack-object-name": "Boot or Logon Initialization Scripts", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify privileges", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623", "attack-object-name": "Command and Scripting Interpreter", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623.001", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623.001", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.vector.Command shell", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1623.001", "attack-object-name": "Command and Scripting Interpreter: Unix Shell", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1624", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1624", "attack-object-name": "Event Triggered Execution", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1624.001", "attack-object-name": "Event Triggered Execution: Broadcast Receivers", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1624.001", "attack-object-name": "Event Triggered Execution: Broadcast Receivers", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636", "attack-object-name": "Protected User Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636", "attack-object-name": "Protected User Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636", "attack-object-name": "Protected User Data", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.001", "attack-object-name": "Protected User Data: Calendar Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.001", "attack-object-name": "Protected User Data: Calendar Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.001", "attack-object-name": "Protected User Data: Calendar Entries", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.002", "attack-object-name": "Protected User Data: Call Log", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.002", "attack-object-name": "Protected User Data: Call Log", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.002", "attack-object-name": "Protected User Data: Call Log", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.003", "attack-object-name": "Protected User Data: Contact List", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": 
"T1636.003", "attack-object-name": "Protected User Data: Contact List", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.003", "attack-object-name": "Protected User Data: Contact List", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.004", "attack-object-name": "Protected User Data: SMS Messages", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.004", "attack-object-name": "Protected User Data: SMS Messages", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1636.004", "attack-object-name": "Protected User Data: SMS Messages", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1603", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1603", "attack-object-name": "Scheduled Task/Job", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1541", "attack-object-name": "Foreground Persistence", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1629.001", "attack-object-name": "Impair Defenses: Prevent Application Removal", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.002", "attack-object-name": "Impair Defenses: Device Lockout", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Abuse of functionality", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.002", "attack-object-name": "Impair Defenses: Device Lockout", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.002", "attack-object-name": "Impair Defenses: Device Lockout", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521", "attack-object-name": "Encrypted Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521.001", "attack-object-name": "Encrypted Channel: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521.001", "attack-object-name": "Encrypted Channel: Symmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521.002", "attack-object-name": "Encrypted Channel: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1521.002", "attack-object-name": "Encrypted Channel: Asymmetric Cryptography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1642", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1642", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1642", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1642", "attack-object-name": "Endpoint Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1464", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.DoS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1464", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.DoS", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1464", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Degradation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1464", "attack-object-name": "Network Denial of Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627", "attack-object-name": "Execution Guardrails", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627.001", "attack-object-name": "Execution Guardrails: GeoFencing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627.001", "attack-object-name": "Execution Guardrails: GeoFencing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627.001", 
"attack-object-name": "Execution Guardrails: GeoFencing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1627.001", "attack-object-name": "Execution Guardrails: GeoFencing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628", "attack-object-name": "Hide Artifacts", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.001", "attack-object-name": "Hide Artifacts: Suppress Application Icon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.001", "attack-object-name": "Hide Artifacts: Suppress Application Icon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.001", "attack-object-name": "Hide Artifacts: Suppress Application Icon", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.002", 
"attack-object-name": "Hide Artifacts: User Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.002", "attack-object-name": "Hide Artifacts: User Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1628.002", "attack-object-name": "Hide Artifacts: User Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Log tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630", "attack-object-name": "Indicator Removal on Host", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406", "attack-object-name": "Obfuscated 
Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406", "attack-object-name": "Obfuscated Files or Information", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.001", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.001", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.001", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.001", "attack-object-name": "Obfuscated Files or Information: Steganography", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, 
{"comments": "", "attack-object-id": "T1406.002", "attack-object-name": "Obfuscated Files or Information: Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.002", "attack-object-name": "Obfuscated Files or Information: Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.002", "attack-object-name": "Obfuscated Files or Information: Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1406.002", "attack-object-name": "Obfuscated Files or Information: Software Packing", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": 
"related-to"}, {"comments": "", "attack-object-id": "T1644", "attack-object-name": "Out of Band Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1404", "attack-object-name": "Exploitation for Privilege Escalation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Fuzz testing", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1428", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Exploit misconfig", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1428", "attack-object-name": "Exploitation of Remote Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Exploit vuln", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1625", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1625", "attack-object-name": "Hijack Execution Flow", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1625.001", "attack-object-name": "System Runtime API Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1625.001", "attack-object-name": "System Runtime API Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Unknown", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635.001", "attack-object-name": "URI Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Hijack", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635.001", "attack-object-name": "URI Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Use of stolen creds", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635.001", "attack-object-name": "URI Hijacking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1638", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.MitM", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1638", "attack-object-name": "Adversary-in-the-Middle", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1426", "attack-object-name": "System Information Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1418", "attack-object-name": "Software Discovery", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1418.001", "attack-object-name": "Software Discovery: Security Software Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1424", "attack-object-name": "Process Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Profile host", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1422", "attack-object-name": "System Network Configuration Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1421", "attack-object-name": "System Network Connections Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1423", "attack-object-name": "Network Service Scanning", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Scan network", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1631", "attack-object-name": "Process Injection", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1631.001", "attack-object-name": "Ptrace System Calls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.variety.Other", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1577", "attack-object-name": "Compromise Application Executable", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1577", "attack-object-name": "Compromise Application Executable", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1577", "attack-object-name": "Compromise Application Executable", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Trojan", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1577", "attack-object-name": "Compromise Application Executable", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1645", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1645", "attack-object-name": "Compromise Client Software Binary", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1637", "attack-object-name": "Dynamic Resolution ", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1637", "attack-object-name": "Dynamic Resolution ", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1637.001", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1637.001", "attack-object-name": "Dynamic Resolution: Domain Generation Algorithms", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1481", "attack-object-name": "Web Service", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1481.001", "attack-object-name": "Web Service: Drop Dead Resolver", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1481.002", "attack-object-name": "Web Service: Biderectional Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1481.003", "attack-object-name": "Web Service: One-Way Communication", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Backdoor", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474", "attack-object-name": "Supply Chain Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.001", "attack-object-name": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools", "references": [], 
"tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.002", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.002", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.002", "attack-object-name": "Supply Chain Compromise: Compromise Hardware Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Hardware tampering", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.003", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Partner", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1474.003", "attack-object-name": "Supply Chain Compromise: Compromise Software Supply Chain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Software", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1641.001", "attack-object-name": "Data Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.hacking.vector.Other network service", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1641.001", "attack-object-name": "Data Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify 
data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1641.001", "attack-object-name": "Data Manipulation: Transmitted Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1437.001", "attack-object-name": "Application Layer Protocol: Web Protocols", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1643", "attack-object-name": "Generate Traffic from Victim", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1643", "attack-object-name": "Generate Traffic from Victim", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1604", "attack-object-name": "Proxy Through Victim", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1604", "attack-object-name": "Proxy Through Victim", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.non-distribution services.variety.Proxy", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.C2", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Instant messaging", "mapping-type": "related-to"}, {"comments": "", 
"attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Pretexting", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.SMS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1582", "attack-object-name": "SMS Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1429", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1429", "attack-object-name": "Audio Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1512", "attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1512", "attack-object-name": "Video Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1513", "attack-object-name": "Screen Capture ", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture app data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1513", "attack-object-name": "Screen Capture ", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1517", "attack-object-name": "Access Notifications", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1517", "attack-object-name": "Access Notifications", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Email", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1517", "attack-object-name": "Access Notifications", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.SMS", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1517", "attack-object-name": "Access Notifications", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1634", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1634", "attack-object-name": "Credentials from Password Stores", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1634.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1634.001", "attack-object-name": "Credentials from Password Stores: Keychain", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1533", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1533", "attack-object-name": "Data from Local System", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1420", "attack-object-name": "File and Directory Discovery", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1409", "attack-object-name": "Stored Application Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Capture stored data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1409", "attack-object-name": "Stored Application Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1633", "attack-object-name": "Virtualization /Sandbox Evasion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1633.001", "attack-object-name": "Virtualization /Sandbox Evasion: System Checks", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": 
"", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629", "attack-object-name": "Impair Defenses", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.003", "attack-object-name": "Impair Defenses: Disable of Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1629.003", "attack-object-name": "Impair Defenses: Disable of Modify Tools", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1632", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1632", "attack-object-name": "Subvert Trust Controls", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1632.001", "attack-object-name": "Subvert Trust Controls: Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Disable controls", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1632.001", "attack-object-name": "Subvert Trust Controls: Code Signing Policy Modification", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify configuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1617", 
"attack-object-name": "Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1617", "attack-object-name": "Hooking", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.001", "attack-object-name": "Indicator Removal on Host: Uninstall Malicious Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.001", "attack-object-name": "Indicator Removal on Host: Uninstall Malicious Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.001", "attack-object-name": "Indicator Removal on Host: Uninstall Malicious Application", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": 
"attribute.availability.variety.Destruction", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.002", "attack-object-name": "Indicator Removal on Host: File Deletion", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.003", "attack-object-name": "Indicator Removal on Host: Disguise Root/Jailbreak Indicators", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.003", "attack-object-name": "Indicator Removal on Host: Disguise Root/Jailbreak Indicators", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1630.003", "attack-object-name": "Indicator Removal on Host: Disguise Root/Jailbreak Indicators", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1544", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1544", "attack-object-name": "Ingress Tool Transfer", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.variety.Evade Defenses", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1639", "attack-object-name": 
"Exfiltration over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1639", "attack-object-name": "Exfiltration over Alternative Protocol", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1639.001", "attack-object-name": "Exfiltration over Unencrypted Non-C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1639.001", "attack-object-name": "Exfiltration over Unencrypted Non-C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1646", "attack-object-name": "Exfiltration over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Export data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1646", "attack-object-name": "Exfiltration over C2 Channel", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1414", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.In-memory", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1414", "attack-object-name": "Clipboard Data", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1641", 
"attack-object-name": "Data Manipulation", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Modify data", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1471", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Ransomware", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1471", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1471", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Loss", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1471", "attack-object-name": "Data Encrypted for Impact", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Obscuration", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1417", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Spyware/Keylogger", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1417", "attack-object-name": "Input Capture", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1458", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.variety.Worm", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1458", "attack-object-name": "Replication Through Removable Media", 
"references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1458", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Removable media", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1458", "attack-object-name": "Replication Through Removable Media", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1407", "attack-object-name": "Download New Code at Runtime", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Software update", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1407", "attack-object-name": "Download New Code at Runtime", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Software installation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1456", "attack-object-name": "Drive-By Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.malware.vector.Web application - drive-by", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1456", "attack-object-name": "Drive-By Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "action.social.vector.Web application", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1456", "attack-object-name": "Drive-By Compromise", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1461", "attack-object-name": "Lockscreen Bypass", "references": [], "tags": [], 
"mapping-description": "", "capability-id": "action.social.vector.In-person", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1461", "attack-object-name": "Lockscreen Bypass", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1616", "attack-object-name": "Call Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.availability.variety.Interruption", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1616", "attack-object-name": "Call Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Alter behavior", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1616", "attack-object-name": "Call Control", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.integrity.variety.Misrepresentation", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1635", "attack-object-name": "Steal Application Access Token", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.targeting.variety.Lost or stolen credentials", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1417.001", "attack-object-name": "Input Capture: Keylogging", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1417.002", "attack-object-name": "Input Capture: GUI Input Capture", "references": [], "tags": [], "mapping-description": "", 
"capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1430", "attack-object-name": "Location Tracking", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1430.001", "attack-object-name": "Location Tracking: Remote Device Management Services", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1430.002", "attack-object-name": "Location Tracking: Impersonate SS7 Nodes", "references": [], "tags": [], "mapping-description": "", "capability-id": "attribute.confidentiality.\"\".data_disclosure", "mapping-type": "related-to"}, {"comments": "", "attack-object-id": "T1575", "attack-object-name": "Native API", "references": [], "tags": [], "mapping-description": "", "capability-id": "value_chain.distribution.variety.Phone", "mapping-type": "related-to"}]}